Configure security settings for the Add-ons Service by editing the authsettings.json file. If you are upgrading from 9.1, you need to migrate the existing security settings so that the Add-ons Service uses Access Management as the source for OpenID Connect calls rather than calling the external identity provider directly. Configuring a provider directly is deprecated in 9.5.
Before you begin
This task has the following prerequisites:
- Access Management is installed.
- You have access as an Administrator to the server where the Add-ons Service is installed.
Procedure
- Go to the Add-ons Service root folder.
On a Windows machine, this location defaults to c:\Program Files\SDL\Tridion\Add-on Service\.
- Do one of the following:
- If you do not see a file authsettings.json in this location, create a file by that name.
- If you are upgrading SDL Tridion Sites 9.1 where you secured the Add-ons Service directly with an identity provider, you should see an existing authsettings.json file. Make a copy of the file and place it in a safe location for future reference.
- Open authsettings.json for editing.
- Include the settings from the following sample to enable security and define Access Management as the authority for making OpenID Connect calls:
{
  "EnableSecurity": true,
  "OpenIdConnect": {
    "Audience": "Tridion.AddonService",
    "Authority": "https://SERVER_URL/access-management",
    "ClientId": "Addon_Manager",
    "ValidateAudience": true
  }
}
Where SERVER_URL is the URL of the Access Management server.
- If you are editing an existing file that contains a Mappings section, as when upgrading from 9.1, delete this section from the file. It should now only include the settings shown in step 4.
Note: From release 9.5, this section is no longer needed in authsettings.json because the mappings are done instead in Access Management.
- Save and close the file.
- Apply your changes by restarting the Add-ons Service.
Results
If you have any security settings configured in the appsettings.json, the authsettings.json settings now override those settings.
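The procedure above as a PowerShell script, added here as an example and not taken from the product documentation. It backs up an existing file, writes only the settings from the sample, and reads the result back to confirm that security and audience validation are on. The -ServerUrl and -BackupDir parameters are assumptions, as is the default install path.

```powershell
# Added example (not product code). Assumptions: the default Windows install path
# from the procedure; -ServerUrl and -BackupDir are hypothetical parameters.
param(
    [Parameter(Mandatory)][string]$ServerUrl,   # e.g. https://SERVER_URL
    [Parameter(Mandatory)][string]$BackupDir,   # safe location outside the service folder
    [string]$Root = 'C:\Program Files\SDL\Tridion\Add-on Service'
)
$ErrorActionPreference = 'Stop'
$path = Join-Path $Root 'authsettings.json'

# Refuse a malformed or non-HTTPS authority: OpenID Connect calls go to this endpoint.
$authority = $ServerUrl.TrimEnd('/') + '/access-management'
$uri = $null
if (-not [Uri]::TryCreate($authority, [UriKind]::Absolute, [ref]$uri) -or $uri.Scheme -ne 'https') {
    throw "Authority must be an absolute https URL, got '$authority'"
}

# Keep a copy of the existing (for example 9.1) file before replacing it.
if (Test-Path -LiteralPath $path) {
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    Copy-Item -LiteralPath $path -Destination (Join-Path $BackupDir "authsettings.$stamp.json")
    $old = Get-Content -LiteralPath $path -Raw | ConvertFrom-Json
    if ($old -and $old.PSObject.Properties['Mappings']) {
        Write-Warning 'Existing Mappings section dropped; mappings are done in Access Management.'
    }
}

# Write only the settings from the sample in the procedure.
$settings = [ordered]@{
    EnableSecurity = $true
    OpenIdConnect  = [ordered]@{
        Audience         = 'Tridion.AddonService'
        Authority        = $authority
        ClientId         = 'Addon_Manager'
        ValidateAudience = $true
    }
}
$json = $settings | ConvertTo-Json -Depth 5
[IO.File]::WriteAllText($path, $json, (New-Object System.Text.UTF8Encoding $false))

# Read the file back and fail loudly if it is not what the procedure requires.
$check = Get-Content -LiteralPath $path -Raw | ConvertFrom-Json
if ($check.EnableSecurity -ne $true -or $check.OpenIdConnect.ValidateAudience -ne $true) {
    throw 'authsettings.json does not enable security with audience validation.'
}
if ($check.PSObject.Properties['Mappings']) { throw 'Mappings section still present.' }
Write-Output "Wrote $path. Restart the Add-ons Service to apply the change."
```

Run it from an elevated PowerShell session, then restart the Add-ons Service as in the last step of the procedure.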