Configuring the secured Add-on service in Content Manager
If you have secured your Add-on service, you must ensure that Content Manager can connect to it. To do so, modify the addonsSettings.json configuration file.
Procedure
- On the Content Manager server, go to the config\ subfolder of %TRIDION_HOME% and open addonsSettings.json for editing.
- Within the addonsSettings section, at the end of the section, ensure the presence of a subsection called openIdConnectParameters.
- Within this openIdConnectParameters subsection, set the following properties:

  | Property | Mandatory or optional | Description of value |
  | --- | --- | --- |
  | Address | mandatory | The address of your identity provider |
  | ClientId | mandatory | A client ID that identifies the client to the identity provider |
  | ClientSecret | mandatory | The client secret that authenticates the client identified by ClientId |
  | clientCredentialStyle | optional | If omitted, the client posts the client ID and secret as part of the request body. To post the client ID and secret using HTTP basic authentication instead, set this property to the value AuthorizationHeader. |
  | a custom parameter | as defined by implementer | Add custom parameters to add to your request as required by your identity provider for the purpose of obtaining an access token. For example, if your IdP is Azure, a further parameter called resource is needed. |

- Save and close AddonsSettings.json.
- Consider limiting access to the file AddonsSettings.json to selected users: read access should be limited to users who run services with Add-ons, while read-write access should be limited to administrators.
- To prevent sensitive data, such as the client secret, from being seen by people with access to the file, or from being sent to the Add-on service in cleartext, go to the tools\ subfolder and run the following command:

  Tridion.AddonService.ConfigProtector.exe protect -f ..\config\AddonsSettings.json

  The command encrypts and updates data in the file and puts the keys in the config\key\ subfolder of %TRIDION_HOME%. You can always decrypt the data later by running the same command, but using unprotect instead of protect as the verb.
- Ensure that you restrict file system access to the config\key\ subfolder of %TRIDION_HOME% to users who run services with Add-ons only.
- Restart all Tridion services, and IIS, to apply your changes.
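
One way to apply and then verify the file-system restrictions from the two access-control steps above, as an added example that is not part of the product documentation. The service account name is a placeholder, and two choices are assumptions: the service account gets read-only rights on config\key\, and Administrators keep access to that folder so that protect and unprotect can be run again later.

```powershell
# Added example, not product code. Run from an elevated PowerShell prompt.
# ASSUMPTION: placeholder for the account that runs services with Add-ons.
$svc    = 'CONTOSO\svc-tridion'
$admins = 'BUILTIN\Administrators'

$configFile = Join-Path $env:TRIDION_HOME 'config\AddonsSettings.json'
$keyDir     = Join-Path $env:TRIDION_HOME 'config\key'

# Configuration file: drop inherited ACEs, then grant read to the service
# account and modify (read-write) to administrators, as the procedure advises.
icacls $configFile /inheritance:r /grant:r "${svc}:(R)" "${admins}:(M)"
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $configFile" }

# Key folder: drop inherited ACEs; grants propagate to the key files inside.
# ASSUMPTION: read is enough for the services; administrators are retained
# only so the ConfigProtector tool can be rerun.
icacls $keyDir /inheritance:r /grant:r "${svc}:(OI)(CI)(R)" "${admins}:(OI)(CI)(F)"
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $keyDir" }

# Audit: /grant:r does not remove explicit ACEs that were already present for
# other identities, so list every Allow entry outside the expected set.
function Get-UnexpectedAccess {
    param([string]$Path, [string[]]$Allowed)
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $Allowed -notcontains $_.IdentityReference.Value
        } |
        Select-Object @{ n = 'Path'; e = { $Path } },
                      IdentityReference, FileSystemRights, IsInherited
}

$allowed = @($svc, $admins)
$findings = @($configFile, $keyDir) + @(Get-ChildItem -LiteralPath $keyDir -File |
                ForEach-Object { $_.FullName }) |
            ForEach-Object { Get-UnexpectedAccess -Path $_ -Allowed $allowed }

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning 'Identities outside the expected set still have access.'
} else {
    Write-Output 'Only the service account and administrators have access.'
}
```

Any identity the audit reports can be removed with icacls /remove once you have confirmed it is not needed.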