If you have secured your Add-ons Service, you must ensure that Content Manager can connect to it. To do so, modify the addonsSettings.json configuration file.
Before you begin
This task has the following prerequisites:
- You have access as an Administrator to the Content Manager server.
- You know the following information:
  - URL of the installed Access Management service
  - Client ID and Client Secret for the service account for the Add-ons Service, as configured in Access Management
Procedure
- On the Content Manager server, go to the config\ subfolder of %TRIDION_HOME% and open addonsSettings.json for editing.
- Within the addonsSettings section, at the end of the section, ensure the presence of a subsection called openIdConnectParameters.
- Within this openIdConnectParameters subsection, set the following properties:
| Property | Description of value |
|---|---|
| Address | The URL of the installed Access Management application. Example: http://localhost:5000/access-management/connect/token |
| ClientId | The client ID defined in Access Management for the Add-ons Service API's service account. |
| ClientSecret | The client secret defined in Access Management for the Add-ons Service API's service account. Note: The default and maximum expiration is one year. After generating a new secret, be sure to update this configuration accordingly. |
- Save and close AddonsSettings.json.
- Consider limiting access to the file AddonsSettings.json to selected users: read access should be limited to users who run services with Add-ons, while read-write access should be limited to administrators.
- To prevent sensitive data, such as the client secret, from being seen by people with access to the file, or from being sent to the Add-on service in cleartext, go to the tools\ subfolder and run the following command:
Tridion.AddonService.ConfigProtector.exe protect -f PATH\config\AddonsSettings.json
Where PATH is the full path to the installed Add-ons Service.
The command encrypts and updates data in the file and puts the keys in the config\key\ subfolder of %TRIDION_HOME%. You can always decrypt the data later by running the same command, but using unprotect instead of protect as the verb.
- Ensure that you restrict file system access to the config\key\ subfolder of %TRIDION_HOME% to users who run services with Add-ons only.
- Restart all Tridion services, and IIS, to apply your changes.
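One way to apply the file and folder restrictions from the steps above, as an added PowerShell example that is not part of the original documentation. The account name CONTOSO\svc-tridion and the helper Set-RestrictedAcl are hypothetical, and granting Read to the service account is an assumption about what your services need.

```powershell
# Added example. Assumptions: the account name is hypothetical, and Read is
# assumed to be enough for the services on both the file and the key folder.
$ServiceAccount = 'CONTOSO\svc-tridion'   # hypothetical: account that runs services with Add-ons
$Admins         = 'BUILTIN\Administrators'
$ConfigFile     = Join-Path $env:TRIDION_HOME 'config\AddonsSettings.json'
$KeyFolder      = Join-Path $env:TRIDION_HOME 'config\key'

function Set-RestrictedAcl {
    param(
        [Parameter(Mandatory)] [string]    $Path,
        [Parameter(Mandatory)] [hashtable] $Grants   # identity -> FileSystemRights
    )
    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $acl  = Get-Acl -LiteralPath $Path

    # Stop inheriting from the parent folder and drop the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove explicit entries left over from earlier changes.
    foreach ($old in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($old)
    }
    # On a folder, let the entries flow down to the key files inside it.
    $inherit = if ($item.PSIsContainer) { 'ContainerInherit,ObjectInherit' } else { 'None' }
    foreach ($identity in $Grants.Keys) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
            -ArgumentList $identity, $Grants[$identity], $inherit, 'None', 'Allow'
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl

    # Return what is now on disk so the result can be reviewed.
    (Get-Acl -LiteralPath $Path).Access |
        Select-Object IdentityReference, FileSystemRights, IsInherited
}

# Settings file: services read, administrators read and write.
Set-RestrictedAcl -Path $ConfigFile -Grants @{ $ServiceAccount = 'Read'; $Admins = 'Modify' }
# Key folder: only the account that runs services with Add-ons.
Set-RestrictedAcl -Path $KeyFolder  -Grants @{ $ServiceAccount = 'Read' }
```

Run it from an elevated session after the protect command has created the keys and before the restart, then check that the returned entries list only the identities you intended.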