Troubleshooting smart tags for OAuth credentials

An OAuth (open authorization) configuration is required so that the Adobe Experience Manager application can interact with Smart Content Services in a secure manner.

NOTE
You cannot create new JWT credentials from June 2024 onwards. Henceforth, only OAuth Server-to-Server credentials are created.
JWT integration continues working till January 2025 only for the existing AMS and on-premise users.

OAuth configuration for the new AMS users

Refer to configuration of smart content services for the configuration of OAuth services for a new user. Once done, follow these steps.

NOTE
If required, you can submit a support ticket following the support process.

OAuth configuration for the existing AMS users

Before performing any of the steps in this methodology, you are required to implement the following:

Prerequisites

An OAuth configuration requires the following prerequisites:

  • Create a new OAuth integration in the Developer Console. Use its ClientID, ClientSecret, OrgID, and other properties in the steps below.

  • The following files can be found at this path /apps/system/config in crx/de:

    • com.adobe.granite.auth.oauth.accesstoken.provider.<randomnumbers>.config
    • com.adobe.granite.auth.ims.impl.IMSAccessTokenRequestCustomizerImpl.<randomnumber>.config

OAuth configuration for the existing AMS and On prem users

The steps below can be performed by the system admin. AMS customers may reach out to their Adobe representative or submit a support ticket following the support process.

  1. Add or update the below properties in com.adobe.granite.auth.oauth.accesstoken.provider.<randomnumbers>.config:

    • auth.token.provider.authorization.grants="client_credentials"
    • auth.token.provider.orgId="<OrgID>"
    • auth.token.provider.default.claims=("\"iss\"\ :\ \"<OrgID>\"")
    • auth.token.provider.scope="read_pc.dma_smart_content,\ openid,\ AdobeID,\ additional_info.projectedProductContext"
    • auth.token.validator.type="adobe-ims-similaritysearch"
    • Update the auth.token.provider.client.id with the Client ID of the new OAuth configuration.
    • Update auth.access.token.request to "https://ims-na1.adobelogin.com/ims/token/v3"
  2. Rename the file to com.adobe.granite.auth.oauth.accesstoken.provider-<randomnumber>.config.

  3. Perform the steps below in com.adobe.granite.auth.ims.impl.IMSAccessTokenRequestCustomizerImpl.<randomnumber>.config:

    • Update the property auth.ims.client.secret with the Client Secret from the new OAuth integration.
    • Rename the file to com.adobe.granite.auth.ims.impl.IMSAccessTokenRequestCustomizerImpl-<randomnumber>.config
  4. Save all the changes in the content repository development console, for example, CRXDE.

  5. In System/console/configMgr, delete the old configurations for com.adobe.granite.auth.ims.impl.IMSAccessTokenRequestCustomizerImpl and Access Token provider name adobe-ims-similaritysearch.

  6. Restart the console.
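
The following Python check is an added example, not part of Adobe's documentation or tooling: it parses an exported copy of the access token provider .config file and reports every property that differs from what step 1 prescribes. The function names and the sample values (EXAMPLEORG@AdobeOrg, example-client-id) are assumptions made for the example.

```python
import re

# Values that step 1 of the procedure prescribes for the provider file.
EXPECTED = {
    "auth.token.provider.authorization.grants": "client_credentials",
    "auth.access.token.request": "https://ims-na1.adobelogin.com/ims/token/v3",
    "auth.token.validator.type": "adobe-ims-similaritysearch",
}
REQUIRED_SCOPES = {"read_pc.dma_smart_content", "openid", "AdobeID",
                   "additional_info.projectedProductContext"}
# Constructed sample; the org ID and client ID are made-up placeholders.
SAMPLE = r'''
auth.token.provider.authorization.grants="client_credentials"
auth.token.provider.orgId="EXAMPLEORG@AdobeOrg"
auth.token.provider.default.claims=("\"iss\"\ :\ \"EXAMPLEORG@AdobeOrg\"")
auth.token.provider.scope="read_pc.dma_smart_content,\ openid,\ AdobeID,\ additional_info.projectedProductContext"
auth.token.validator.type="adobe-ims-similaritysearch"
auth.token.provider.client.id="example-client-id"
auth.access.token.request="https://ims-na1.adobelogin.com/ims/token/v3"
'''

def parse_osgi_config(text):
    """Parse key=value lines of an OSGi .config file into a dict of strings."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, raw = line.split("=", 1)
        raw = raw.strip().strip("()[]").strip()  # unwrap a one-element collection
        raw = raw[1:-1] if len(raw) >= 2 and raw[0] == raw[-1] == '"' else raw
        props[key.strip()] = re.sub(r"\\(.)", r"\1", raw)  # drop backslash escapes
    return props

def check_provider_config(text):
    """Return findings; an empty list means the file matches step 1."""
    props, findings = parse_osgi_config(text), []
    for key, want in EXPECTED.items():
        if props.get(key) != want:
            findings.append(f"{key}: expected {want!r}, found {props.get(key)!r}")
    scopes = {s.strip() for s in props.get("auth.token.provider.scope", "").split(",")}
    for scope in sorted(REQUIRED_SCOPES - scopes):
        findings.append(f"auth.token.provider.scope: missing {scope}")
    for key in ("auth.token.provider.orgId", "auth.token.provider.client.id"):
        if not props.get(key) or props[key].startswith("<"):
            findings.append(f"{key}: not set")
    org = props.get("auth.token.provider.orgId", "")
    if props.get("auth.token.provider.default.claims") != f'"iss" : "{org}"':
        findings.append("auth.token.provider.default.claims: iss differs from orgId")
    return findings
```

The check reads only the provider file, so the Client Secret stored in the IMSAccessTokenRequestCustomizerImpl file never has to be copied out of the repository to run it.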

Validate the configuration

After you have completed the configuration, you can use a JMX MBean to validate the configuration. To validate, follow these steps.

  1. Access your Experience Manager server at https://[aem_server]:[port].

  2. Go to Tools > Operations > Web Console to open the OSGi console. Click Main > JMX.

  3. Click com.day.cq.dam.similaritysearch.internal.impl. It opens SimilaritySearch Miscellaneous Tasks.

  4. Click validateConfigs(). In the Validate Configurations dialog, click Invoke.

The validation results are displayed in the same dialog.

Integrate with Adobe Developer Console

As a new user, when you integrate with Adobe Developer Console, the Experience Manager server authenticates your service credentials with the Adobe Developer Console gateway before forwarding your request to the Smart Content Service. To integrate, you need an Adobe ID account that has administrator privileges for the organization and a Smart Content Service license purchased and enabled for your organization.

To configure the Smart Content Service, follow these top-level steps:

  1. To generate a public key, create a Smart Content Service configuration in Experience Manager. Download a public certificate for OAuth integration.

  2. [Not applicable if you are an existing user] Create an integration in Adobe Developer Console.

  3. Configure your deployment using the API key and other credentials from Adobe Developer Console.

  4. Test the configuration.

Download a public certificate by creating Smart Content Service configuration

A public certificate lets you authenticate your profile on the Adobe Developer Console.

  1. In the Experience Manager user interface, access Tools > Cloud Services > Legacy Cloud Services.

  2. In the Cloud Services page, click Configure Now under Assets Smart Tags.

  3. In the Create Configuration dialog, specify a title and name for the Smart Tags configuration. Click Create.

  4. In the AEM Smart Content Service dialog, use the following values:

    Service URL: https://smartcontent.adobe.io/<region where your Experience Manager author instance is hosted>

    For example, https://smartcontent.adobe.io/apac. You can specify na, emea, or apac as the region where your Experience Manager author instance is hosted.

    NOTE
    If the Experience Manager Managed Service is provisioned before September 01, 2022, use the following Service URL:
    https://mc.adobe.io/marketingcloud/smartcontent

    Authorization Server: https://ims-na1.adobelogin.com

    Leave the other fields blank for now (to be provided later). Click OK.

    Figure: Smart Content Service dialog to provide content service URL

    NOTE
    The URL provided as Service URL is not accessible via the browser and generates a 404 error. The configuration works OK with the same value of the Service URL parameter. For the overall service status and maintenance schedule, see https://status.adobe.com.
  5. Click Download Public Certificate for OAuth Integration, and download the public certificate file AEM-SmartTags.crt. Moreover, you are no longer required to upload this certificate in Adobe Developer Console.

    Figure: Settings for smart tagging service.

Create Adobe Developer Console integration

To use Smart Content Service APIs, create an integration in Adobe Developer Console to obtain API Key (generated in CLIENT ID field of Adobe Developer Console integration), TECHNICAL ACCOUNT ID, ORGANIZATION ID, and CLIENT SECRET for Assets Smart Tagging Service Settings of cloud configuration in Experience Manager.

  1. Access https://developer.adobe.com/console/ in a browser. Select the appropriate account and verify that the associated organization role is system administrator.

  2. Create a project with any desired name. Click Add API.

  3. On the Add an API page, select Experience Cloud and select Smart Content. Click Next.

  4. Choose the OAuth Server-to-Server authentication method.

  5. Add/modify the Credential Name as required. Click Next.

  6. Select the product profile Smart Content Services. Click Save Configured API. The OAuth API is added under the connected credentials for further use. You can copy the API key (Client ID) or generate an access token from it.

Figure: Configured OAuth Server-to-Server in Adobe Developer Console

Configure Smart Content Service

To configure the integration, use the values of TECHNICAL ACCOUNT ID, ORGANIZATION ID, CLIENT SECRET, and CLIENT ID fields from the Adobe Developer Console integration. Creating a Smart Tags cloud configuration allows authentication of API requests from the Experience Manager deployment.

  1. In Experience Manager, navigate to Tools > Cloud Services > Legacy Cloud Services to open the Cloud Services console.

  2. Under the Assets Smart Tags, open the configuration created above. On the service settings page, click Edit.

  3. In the AEM Smart Content Service dialog, use the pre-populated values for the Service URL and Authorization Server fields.

  4. For the fields Api Key, Technical Account ID, Organization ID, and Client Secret, copy and use the following values generated in Adobe Developer Console integration.

    | Assets Smart Tagging Service Settings | Adobe Developer Console integration fields |
    | --- | --- |
    | Api Key | CLIENT ID |
    | Technical Account ID | TECHNICAL ACCOUNT ID |
    | Organization ID | ORGANIZATION ID |
    | Client Secret | CLIENT SECRET |