Setting up a connection from a Content Delivery microservice to a secured Add-on service
To set up a connection to a secured Add-on service on a Content Delivery Add-on service client, that is, a machine on which one or more Content Delivery microservices run, set a number of environment variables, either system-wide or by adding a series of -D switches to your microservice installation or startup script.
Procedure
- Access your client environment.
- Create an environment variable called openidconnecturl and set it to the URL of your identity provider.
- Create an environment variable called openidconnectclientid and set it to a client ID that is authorized to obtain an access token from the identity provider.
- Create an environment variable called openidconnectclientsecret and set it to a client secret that authorizes the client identified by the client ID to obtain an access token from the identity provider.
- SDL strongly recommends entering any sensitive strings, such as passwords, in encrypted form. You can obtain the encrypted form of a sensitive string by doing the following:
  - In a command shell, navigate to a location that contains the files udp-core-BUILD.jar and udp-common-util-BUILD.jar, where BUILD is the JAR file's build number. For example, you can find these files on the installation media in the folder Content Delivery\roles\api\rest\java\lib\
  - Depending on your operating system, enter one of the following commands:
    - Windows operating systems
        java -cp udp-core-BUILD.jar;udp-common-util-BUILD.jar com.tridion.crypto.Encrypt INPUT
    - Unix operating systems
        java -cp udp-core-BUILD.jar:udp-common-util-BUILD.jar com.tridion.crypto.Encrypt INPUT
    where INPUT is the unencrypted string. (You may wish to redirect output to a file for easy copy-pasting of the tool's response.)
    The tool returns the following kind of response:
        Configuration value = encrypted:9FUJ9CP81Oj63VhnJxcqx//pW3fP4bekeupIexctzcs=
    where the encrypted string is
        encrypted:9FUJ9CP81Oj63VhnJxcqx//pW3fP4bekeupIexctzcs=
- Create an environment variable called openidconnectprovidertype and set it to one of the following values:

  | Value | Meaning |
  |-------|---------|
  | Azure | A Microsoft Azure identity provider |
  | Auth0 | An Auth0 identity provider |
  | OpenAM | An OpenAM identity provider |
  | ADFS | An Active Directory File System identity provider |

- Depending on your identity provider, create and set one of the following environment variables:
  - If your IdP is Azure, set openidconnectresource to the Azure resource.
  - If your IdP is Auth0, set openidconnectaudience to the Auth0 audience.
  - If your IdP is OpenAM, set openidconnectscope to the scope of OpenAM.
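
A pre-flight check for the variables this procedure sets, as an added example that is not part of the original documentation or of the product. The helper name check_oidc_env and the sample values are assumptions; the check treats the encrypted-form recommendation as mandatory and matches provider type values exactly as listed above.

```shell
#!/bin/sh
# Added example: pre-flight check for the variables set in the procedure above.
# check_oidc_env is a hypothetical helper name, not part of the product.

check_oidc_env() {
    rc=0
    # Variables the procedure sets for every identity provider.
    for name in openidconnecturl openidconnectclientid \
                openidconnectclientsecret openidconnectprovidertype; do
        eval "value=\${$name:-}"
        [ -n "$value" ] || { echo "missing: $name" >&2; rc=1; }
    done

    # Assumption: treat the "encrypted form" recommendation as mandatory, so a
    # secret without the encrypted: prefix fails the check.
    case "${openidconnectclientsecret:-}" in
        ""|encrypted:?*) ;;   # empty was already reported as missing
        *) echo "openidconnectclientsecret is not in encrypted: form" >&2; rc=1 ;;
    esac

    # Provider-specific variable. Values are matched exactly as the page
    # spells them (assumed case-sensitive).
    extra=
    case "${openidconnectprovidertype:-}" in
        Azure)  extra=openidconnectresource ;;
        Auth0)  extra=openidconnectaudience ;;
        OpenAM) extra=openidconnectscope ;;
        ADFS|"") ;;           # the procedure names no extra variable for ADFS
        *) echo "unknown openidconnectprovidertype: $openidconnectprovidertype" >&2
           rc=1 ;;
    esac
    if [ -n "$extra" ]; then
        eval "value=\${$extra:-}"
        [ -n "$value" ] || { echo "missing: $extra (needed for $openidconnectprovidertype)" >&2; rc=1; }
    fi
    return "$rc"
}

# Constructed sample values; the secret is the sample tool output shown above.
openidconnecturl="https://idp.example.test/"
openidconnectclientid="cd-addon-client"
openidconnectclientsecret="encrypted:9FUJ9CP81Oj63VhnJxcqx//pW3fP4bekeupIexctzcs="
openidconnectprovidertype="Auth0"
openidconnectaudience="https://addon.example.test/"
check_oidc_env && echo "OpenID Connect client settings are complete"
```

Run it in the same environment that starts the microservice, so that it sees the values the service will see.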