- AEMaaCS Home
- Overview
- Release Notes
- Security
- Onboarding
- Onboarding to AEM as a Cloud Service
- Learn Onboarding Concepts
- Onboarding Journey
- Onboarding Journey
- Overview to Onboarding Journey
- Getting Started with Onboarding Process
- Assign Team Members to Cloud Manager Product Profiles
- Setup Cloud Resources via Cloud Manager
- Assign Team Members to AEM as a Cloud Service Product Profiles
- Learning Path for Developers and Deployment Managers
- Learning Path for AEM Users
- AEM Reference Demos Add-On Journey
- AEM as a Cloud Service Migration Journey
- Getting Started with moving AEM as a Cloud Service
- Readiness Phase
- Implementation Phase
- Go Live
- Post Go Live
- Migration Guide to Experience Manager as a Cloud Service for Partners
- Release Notes for Migration Tools
- Cloud Acceleration Manager
- Cloud Transition Tools
- Best Practices Analyzer
- Content Transfer Tool
- Overview
- Prerequisites for Content Transfer Tool
- Guidelines and Best Practices for Using Content Transfer Tool
- Getting Started with Content Transfer Tool
- Handling Large Content Repositories
- Extracting Content from Source
- Ingesting Content into Target
- Viewing Logs for a Migration Set
- Deleting a Migration Set
- Running the Content Transfer Tool on a Publish Instance
- Troubleshooting Content Transfer Tool
- User Mapping Tool
- Code Refactoring Tools
- Sites
- AEM Sites as a Cloud Service
- Notable Changes to AEM Sites in AEM Cloud Service
- Authoring
- Getting Started
- Headless Content Author Journey
- Authoring Fundamentals
- Environment and Tools
- Adding Page Annotations
- Creating a New Site
- Creating and Organizing Pages
- Editing Page Content
- The Rich Text Editor
- Page Properties
- Previewing Content
- Publishing Pages
- Content Fragments
- Experience Fragments
- Export to CSV
- Components
- Authoring for Mobile Devices
- Creating Accessible Content (WCAG 2.1 Conformance)
- Troubleshooting
- Keyboard Shortcuts
- Authoring Features
- Projects
- Launches
- Workflows
- Personalization
- Personalization Overview
- Previewing Pages Using ContextHub Data
- Authoring Targeted Content Using Targeting Mode
- Working with Targeted Content in Multisites
- How Multisite Management for Targeted Content is Structured
- Managing Activities
- Managing Audiences
- Creating and Managing Offers
- Understanding Segmentation
- Configuring Segmentation with ContextHub
- Registration, Login, and User Profile
- Administering
- Site Creation
- Administering Workflows
- Reusing Content
- MSM and Translation
- Multi Site Manager
- Translation
- Sites Translation Journey
- Headless Translation Journey
- Translating Content for Multilingual Sites
- Preparing Content for Translation
- Managing Translation Projects
- Language Copy Wizard
- Identifying Content to Translate
- Configuring the Translation Integration Framework
- Connecting to Microsoft Translator
- Translation Best Practices
- Integrating with AEM as a Cloud Service
- Assets
- Assets as a Cloud Service
- Overview and what’s new
- Notable Changes to Assets as a Cloud Service
- Assets architecture
- Supported file formats
- Overview of asset microservices
- Accessibility in Assets
- Manage digital assets
- Share assets
- Monitor activities and DAM tasks
- Get started using asset microservices
- Add and upload assets
- Search assets
- Common asset management tasks
- Preview 3D assets
- Smart tags for images
- Smart tag your video assets
- How to organize assets
- Use Adobe Stock assets
- Manage collections
- Metadata overview
- Integrate with Adobe Creative Cloud
- How to add or edit metadata
- Review folder assets and collections
- Use and configure Assets Insights
- Metadata profiles
- Metadata schema
- Manage video assets
- Reuse assets using MSM
- Download assets
- Check-in and check-out assets to edit
- Create and share private folders
- Digital Rights Management for assets
- Watermark assets
- Process assets using Creative Cloud APIs
- Configure, administer, and extend Assets
- Developer docs and APIs references
- Folder metadata schema
- Work with image and video profiles
- Multilingual assets and translation
- Search facets
- Assets HTTP API
- Content Fragments support in Assets HTTP API
- GraphQL API for Content Fragments
- Authentication for Remote GraphQL Queries on Content Fragments
- GraphQL API with Content Fragments - Sample Content and Queries
- Connected Assets
- Generate For Placement Only renditions
- Asset reports
- Cascading metadata
- XMP metadata
- MediaLibrary capabilities
- Import and export asset metadata
- Share and distribute assets
- Content Fragments
- Working with Content Fragments
- Headless Delivery with Content Fragments and GraphQL
- Enable Content Fragment Functionality for your Instance
- Content Fragment Models
- Managing Content Fragments
- Variations - Authoring Fragment Content
- Content Fragment Associated Content
- Metadata - Fragment Properties
- Content Fragments - Delete Considerations
- Markdown
- Structure Tree
- Preview - JSON Representation
- Dynamic Media
- Dynamic Media newsletter archive by Experience League
- Set up Dynamic Media
- Work with Dynamic Media
- Configure Dynamic Media
- Optional - Configure Dynamic Media, General Settings
- Optional - Configure Dynamic Media, Publish Setup
- Troubleshoot Dynamic Media
- Accessibility in Dynamic Media
- Manage Dynamic Media assets
- Best practices for optimizing the quality of your images
- Image Profiles
- Video Profiles
- Manage Dynamic Media Image Presets
- Apply Dynamic Media Image Presets
- Manage Dynamic Media Viewer Presets
- Apply Dynamic Media Viewer Presets
- Batch Set Presets
- Invalidate the CDN cache by way of Dynamic Media
- Invalidate the CDN cache by way of Dynamic Media Classic
- Smart Imaging
- Deliver Dynamic Media assets
- Activate hotlink protection in Dynamic Media
- 3D Support
- Image Sets
- Panoramic Images
- Mixed Media Sets
- Spin Sets
- Video in Dynamic Media
- Carousel Banners
- Interactive Images
- Interactive Videos
- 360 VR Video
- Integrate Dynamic Media Viewers with Adobe Analytics and Adobe Experience Platform Tags
- Create custom pop-ups using Quickview
- Deliver optimized images for a responsive site
- Preview Dynamic Media assets
- Add Dynamic Media assets to pages
- Embed the Dynamic Video or Image viewer on a web page
- Link URLs to your web application
- Use Rulesets to transform URLs
- Publish Dynamic Media assets
- Work with Selective Publish in Dynamic Media
- Work with Selectors
- HTTP2 Delivery of Content FAQ
- Flash Viewers End-of-Life
- DHTML Viewers End-of-Life
- Integration with other solutions
- Forms
- Introduction
- Key features
- Notable changes
- Setup and configure the service
- Manage user groups, forms, and related assets
- Convert PDF forms to Adaptive Forms
- Create and publish an Adaptive Form
- Before you start
- Create an Adaptive Form
- Add components to an Adaptive Form
- Configure layout and apply style to an Adaptive Form
- Add rules and use expressions in an Adaptive Form
- Use Adobe Sign
- Configure Submit Actions and metadata submission
- Generate Document of Record
- Add or improve metadata
- Improve accessibility of an Adaptive Form
- Configure Forms Portal
- Integrate a form with one or more data sources
- Integrate with Adobe Sign
- Integrate with DocuSign
- Integrate with Sites
- Integrate with Adobe Analytics
- Create and use workflows
- Using Communications
- Migrate to AEM Forms as a Cloud Service
- Frequently asked questions
- Known issues
- Troubleshoot
- Screens
- AEM Screens as a Cloud Service
- Overview to Screens as a Cloud Service
- Onboarding to Screens as a Cloud Service
- Configuring Screens as a Cloud Service Project
- Creating Content
- Managing Player and Registration
- Using Code Product Features
- Developing in Screens as a Cloud Service
- Screens as a Cloud Service FAQs
- Content and Commerce
- Implementing
- Implementing Applications for AEM as a Cloud Service
- Using Cloud Manager
- Release Notes for Cloud Manager
- Understanding Programs and Program Types
- Production Programs
- Sandbox Programs
- Creating an AEM Application Project
- Managing Environments
- Managing your Code
- Environment Variables
- Cloud Manager CI-CD Pipelines
- Deploying your Code
- Understanding your Test Results
- Accessing and Managing Logs
- SLA Reporting
- User Access to New Relic
- Understanding Notifications
- Managing SSL Certificates
- Managing Custom Domain Names
- Introduction
- Getting a Custom Domain Name
- Adding a Custom Domain Name
- Adding a TXT Record
- Checking Custom Domain Name Status
- Configuring DNS Settings
- Checking DNS Record Status
- Viewing & Updating & Replacing a Custom Domain Name
- Updating a Custom Domain Name’s SSL Certificate
- Deleting a Custom Domain Name
- Managing IP Allow Lists
- Cloud Manager FAQs
- Developing for AEM as a Cloud Service
- AEM Project Structure
- AEM Project Repository Structure Package
- AEM as a Cloud Service SDK
- AEM as a Cloud Service Development Guidelines
- Logging
- Configurations and the Configuration Browser
- AEM Technical Foundations
- API Reference Materials
- Generating Access Tokens for Server Side APIs
- Quick Site Creation and Front-End Customization
- Developing Sites with the Front-End Pipeline
- Customizing Site Templates and Themes
- Headful and Headless in AEM
- Full Stack AEM Development
- Getting Started Developing AEM Sites - WKND Tutorial
- Structure of the AEM UI
- Sling Cheatsheet
- Using Sling Adapters
- Using the Sling Resource Merger in AEM as a Cloud Service
- Overlays in AEM as a Cloud Service
- Using Client-Side Libraries
- Page Diff
- Editor Limitations
- Naming Conventions
- Components and Templates
- AEM Tagging Framework
- Building Tagging into AEM Applications
- Search
- Custom Error Pages
- AEM Node Types
- Headless Experience Management
- Headless and AEM
- Headless Journeys
- Headless Developer Journey
- Understand Headless in AEM
- Learn about CMS Headless Development
- Getting Started with AEM Headless as a Cloud Service
- Path to your first experience using AEM Headless
- How to model your content as AEM Content Models
- How to access your content via AEM delivery APIs
- How to update your content via AEM Assets APIs
- How to put it all together
- How to go live with your headless application
- Optional - How to create single page applications with AEM
- AEM Headless Content Architect Journey
- Headless Developer Journey
- Headless Getting Started Guide
- Content Fragments
- Headless Delivery with Content Fragments and GraphQL
- Working with Content Fragments
- Enable Content Fragment Functionality for your Instance
- Content Fragment Models
- Managing Content Fragments
- Variations - Authoring Fragment Content
- Markdown
- Using Associated Content
- Metadata - Fragment Properties
- Structure Tree
- Preview - JSON Representation
- Delivery API
- Hybrid and SPA Development
- Hybrid and SPA with AEM
- Enabling JSON Export for a Component
- SPA Introduction and Walkthrough
- SPA WKND Tutorial
- Getting Started using React
- Getting Started using Angular
- SPA Deep Dives
- Developing SPAs for AEM
- SPA Editor Overview
- SPA Blueprint
- SPA Page Component
- Dynamic Model to Component Mapping
- Model Routing
- The RemotePage Component
- Editing an External SPA within AEM
- Composite Components in SPAs
- Server Side Rendering
- Enabling JSON Export for a Component
- Launch Integration
- SPA Reference Documents
- Developer Tools
- Personalization
- Configuring and Extending AEM as a Cloud Service
- Deploying to AEM as a Cloud Service
- Author Tier
- Content Delivery Overview
- Connectors
- Operations
- Compliance
OAuth2 Support for the Mail Service
AEM as a Cloud Service offers OAuth2 support for its integrated Mail Service, in order to allow organizations to adhere to secure email requirements.
You can configure OAuth for multiple email providers. Below are step-by-step instructions for configuring the AEM Mail Service to authenticate via OAuth2 with Microsoft Office 365 Outlook. Other vendors can be configured in a similar manner.
For more information on the AEM as a Cloud Service Mail Service, see Sending Email.
Microsoft Outlook
-
Go to https://portal.azure.com/ and log in.
-
Search for Azure Active Directory in the search bar and click on the result. Alternatively, you can browse directly to https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview
-
Click on App Registration - New Registration
-
Fill in the information according to your requirements, then click on Register
-
Go to the newly created app, and select API Permissions
-
Go to Add Permission - Graph Permission - Delegated Permissions
-
Select the below permissions for your app, then click Add Permission:
SMTP.SendMail.ReadMail.Sendopenidoffline_access
-
Go to Authentication - Add a platform - Web, and in the Redirect Urls section, add the below URLs - one with and one without a forward slash:
http://localhost/http://localhost
-
Press Configure after adding each URL and configure your settings according to your requirements
-
Next, go to Certificates and Secrets, click on New client secret and follow the on screen steps to create a secret. Make sure to take note of this secret for later use
-
Press Overview in the left hand pane and copy the values for Application (client) ID and Directory (tenant) ID for later use
To recap, you will need to the following information to configure OAuth2 for the Mail service on the AEM side:
- The Auth URL, which will be constructed with the tenant ID. It will have this form:
https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/authorize - The Token URL, which will be constructed with the tenant ID. It will have this form:
https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token - The Refresh URL, which will be constructed with the tenant ID. It will have this form:
https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token - The Client ID
- The Client Secret
Generating the Refresh Token
Next, you need to generate the refresh token, which will be a part of the OSGi configuration in a subsequent step.
You can do this by following these steps:
-
Open the following URL in the browser after replacing
clientIDandtenantIDwith the values specific to your account:https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/authorize?client_id=<clientId>&response_type=code&redirect_uri=http://localhost&response_mode=query&scope=https%3A%2F%2Foutlook.office365.com%2FSMTP.Send%20EWS.AccessAsUser.All%20https%3A%2F%2Foutlook.office365.com%2FSMTP.Send%20https%3A%2F%2Foutlook.office365.com%2FMail.Read%20https%3A%2F%2Foutlook.office365.com%2FMail.Send%20openid%20offline_access&state=12345 -
Allow permission when asked
-
The URL will redirect to a new location, constructed in this format:
http://localhost/?code=<code>&state=12345&session_state=4f984c6b-cc1f-47b9-81b2-66522ea83f81# -
Copy the value of
<code>in the example above -
Use the following cURL command to get the refreshToken. You need to replace the tenantID, clientID and clientSecret with the values for your account, as well as the value for
<code>:curl --location --request POST 'https://login.microsoftonline.com/<tenantId>/oauth2/v2.0/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Cookie: buid=0.ARgAep0nU49DzUGmoP2wnvyIkcQjsx26HEpOnvHS0akqXQgYAAA.AQABAAEAAAD--DLA3VO7QrddgJg7Wevry9XPJSKbGVlPt5NWYxLtTl3K1W0LwHXelrffApUo_K02kFrkvmGm94rfBT94t25Zq4bCd5IM3yFOjWb3V22yDM7-rl112sLzbBQBRCL3QAAgAA; esctx=AQABAAAAAAD--DLA3VO7QrddgJg7Wevr4a8wBjYcNbBXRievdTOd15caaeAsQdXeBAQA3tjVQaxmrOXFGkKaE7HBzsJrzA-ci4RRpor-opoo5gpGLh3pj_iMZuqegQPEb1V5sUVQV8_DUEbBv5YFV2eczS5EAhLBAwAd1mHx6jYOL8LwZNDFvd2-MhVXwPd6iKPigSuBxMogAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; fpc=Auv6lTuyAP1FuOOCfj9w0U_5vR5dAQAAALDXP9gOAAAAwIpkkQEAAACT2T_YDgAAAA' \ --data-urlencode 'client_id=<clientID>' \ --data-urlencode 'scope=https://outlook.office365.com/SMTP.Send https://outlook.office365.com/Mail.Read https://outlook.office365.com/Mail.Send openid' \ --data-urlencode 'redirect_uri=http://localhost' \ --data-urlencode 'grant_type=authorization_code' \ --data-urlencode 'client_secret=<clientSecret>' \ --data-urlencode 'code=<code>' -
Make note of the refreshToken and accessToken.
Validating the Tokens
Before proceeding to configure OAuth on the AEM side, make sure to validate both the accessToken and refreshToken with the below procedure:
-
Generate the accessToken by using the refreshToken produced in the previous procedure. You can achieve this with following curl, replacing the values for
<client_id>,<client_secret>and<refreshToken>:curl --location --request POST 'https://login.microsoftonline.com/<tenetId>/oauth2/v2.0/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Cookie: buid=0.ARgAep0nU49DzUGmoP2wnvyIkcQjsx26HEpOnvHS0akqXQgYAAA.AQABAAEAAAD--DLA3VO7QrddgJg7Wevry9XPJSKbGVlPt5NWYxLtTl3K1W0LwHXelrffApUo_K02kFrkvmGm94rfBT94t25Zq4bCd5IM3yFOjWb3V22yDM7-rl112sLzbBQBRCL3QAAgAA; esctx=AQABAAAAAAD--DLA3VO7QrddgJg7Wevr4a8wBjYcNbBXRievdTOd15caaeAsQdXeBAQA3tjVQaxmrOXFGkKaE7HBzsJrzA-ci4RRpor-opoo5gpGLh3pj_iMZuqegQPEb1V5sUVQV8_DUEbBv5YFV2eczS5EAhLBAwAd1mHx6jYOL8LwZNDFvd2-MhVXwPd6iKPigSuBxMogAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; fpc=Auv6lTuyAP1FuOOCfj9w0U_IezHLAQAAAPeNSdgOAAAA' \ --data-urlencode 'client_id=<client_id>' \ --data-urlencode 'scope=https://outlook.office365.com/SMTP.Send https://outlook.office365.com/Mail.Read https://outlook.office365.com/Mail.Send openid' \ --data-urlencode 'redirect_uri=http://localhost' \ --data-urlencode 'grant_type=refresh_token' \ --data-urlencode 'client_secret=<client_secret>' \ --data-urlencode 'refresh_token=<refreshToken>' -
Send a mail using the accessToken, to see if is working properly.
You can get the Postman API collection from this location.
Integration with AEM as a Cloud Service
-
Create an OSGI property file called
com.day.cq.mailer.oauth.impl.OAuthConfigurationProviderImpl.cfg.jsonunder/apps/<my-project>/osgiconfig/configwith the following syntax:{ authUrl: "<Authorization Url>", tokenUrl: "<Token Url>", clientId: "<clientID>", clientSecret: "$[secret:SECRET_SMTP_OAUTH_CLIENT_SECRET]", scopes: [ "scope1", "scope2" ], refreshUrl: "<Refresh token Url>", refreshToken: "$[secret:SECRET_SMTP_OAUTH_REFRESH_TOKEN]" } -
Fill in the
authUrl,tokenUrlandrefreshURLby constructing them as described in the previous section. -
Add the following Scopes to the configuration:
openidoffline_accesshttps://outlook.office365.com/Mail.Sendhttps://outlook.office365.com/Mail.Readhttps://outlook.office365.com/SMTP.Send
-
Create an OSGI property file
called com.day.cq.mailer.impl.DefaultMailService.cfg.json
under/apps/<my-project>/osgiconfig/configwith the following syntax:{ "smtp.host": "<smtp hostname>" "smtp.user": "<user account that logged into get the oauth tokens>", "smtp.password": "value not used", "smtp.port": 587, "from.address": "<from address used for sending>" "smtp.ssl": false, "smtp.starttls": true, "smtp.requiretls": true, "debug.email": false, "oauth.flow": true } -
For outlook, the
smtp.hostconfiguration value issmtp.office365.com -
At runtime, pass in the
refreshToken valuesandclientSecretsecrets using the Cloud Manager variables API as described here. The values for the variablesSECRET_SMTP_OAUTH_REFRESH_TOKENandSECRET_SMTP_OAUTH_CLIENT_SECRETshould be defined.
Troubleshooting
If the mail service is not working properly, you will, in most cases, need to regenerate the refreshToken as described above, passing in the new value via Cloud Manager API. It will take a few minutes for the new value to be deployed.
Resources on adobe.com
Resources
Adobe Account
