Troubleshooting smart tags for OAuth credentials oauth-config
An open authorization configuration is required to adopt the consent to the Adobe Experience Manager application to interact with Smart Content Services in a secured manner.
JWT integration continues working till January 2025 only for the existing AMS and on-premise users.
OAuth configuration for the new AMS users oauth-config-existing-ams-users
Refer to configuration of smart content services for the configuration of OAuth services for a new user. Once done, follow these steps.
OAuth configuration for the existing AMS users oauth-config-new-ams-users
Before performing any of the steps in this methodology, you are required to implement the following:
Prerequisites prereqs-config-oauth-onprem
An OAuth configuration requires the following prerequisites:
-
Create a new OAuth integration in the Developer Console. Use the
ClientID
,ClientSecret
,OrgID
, and other properties in the steps below: -
The following files can be found at this path
/apps/system/config in crx/de
:com.**adobe**.granite.auth.oauth.accesstoken.provider.<randomnumbers>.config
com.adobe.granite.auth.ims.impl.IMSAccessTokenRequestCustomizerImpl.<randomnumber>.config
OAuth configuration for the existing AMS and On prem users steps-config-oauth-onprem
The below steps can be performed by the system admin. AMS customer may reach out to the Adobe representative or submit a support ticket following the support process.
-
Add or update the below properties in
com.adobe.granite.auth.oauth.accesstoken.provider.<randomnumbers>.config
:auth.token.provider.authorization.grants="client_credentials"
auth.token.provider.orgId="<OrgID>"
auth.token.provider.default.claims=("\"iss\"\ :\ \"<OrgID>\"")
auth.token.provider.scope="read_pc.dma_smart_content,\ openid,\ AdobeID,\ additional_info.projectedProductContext"
auth.token.validator.type="adobe-ims-similaritysearch"
- Update the
auth.token.provider.client.id
with the Client ID of the new OAuth configuration. - Update
auth.access.token.request
to"https://ims-na1.adobelogin.com/ims/token/v3"
-
Rename the file to
com.adobe.granite.auth.oauth.accesstoken.provider-<randomnumber>.config
. -
Perform the steps below in
com.adobe.granite.auth.ims.impl.IMSAccessTokenRequestCustomizerImpl.<randomnumber>.config
:- Update the property auth.ims.client.secret with the Client Secret from the new OAuth integration.
- Rename the file to
com.adobe.granite.auth.ims.impl.IMSAccessTokenRequestCustomizerImpl-<randomnumber>.config
-
Save all the changes in the content repository development console, for example, CRXDE.
-
In
System/console/configMgr
, delete the old configurations forcom.adobe.granite.auth.ims.impl.IMSAccessTokenRequestCustomizerImpl
and Access Token provider nameadobe-ims-similaritysearch
. -
Restart the console.
Validate the configuration validate-the-configuration
After you have completed the configuration, you can use a JMX MBean to validate the configuration. To validate, follow these steps.
-
Access your Experience Manager server at
https://[aem_server]:[port]
. -
Go to Tools > Operations > Web Console to open the OSGi console. Click Main > JMX.
-
Click
com.day.cq.dam.similaritysearch.internal.impl
. It opens SimilaritySearch Miscellaneous Tasks. -
Click
validateConfigs()
. In the Validate Configurations dialog, click Invoke.
The validation results are displayed in the same dialog.
Integrate with Adobe Developer Console integrate-adobe-io
As a new user, when you integrate with Adobe Developer Console, the Experience Manager server authenticates your service credentials with the Adobe Developer Console gateway before forwarding your request to the Smart Content Service. To integrate, you need an Adobe ID account that has administrator privileges for the organization and a Smart Content Service license purchased and enabled for your organization.
To configure the Smart Content Service, follow these top-level steps:
-
To generate a public key, create a Smart Content Service configuration in Experience Manager. Download a public certificate for OAuth integration.
-
[Not applicable if you are an existing user] create an integration in Adobe Developer Console.
-
Configure your deployment using the API key and other credentials from Adobe Developer Console.
Download a public certificate by creating Smart Content Service configuration download-public-certificate
A public certificate lets you authenticate your profile on the Adobe Developer Console.
-
In the Experience Manager user interface, access Tools > Cloud Services > Legacy Cloud Services.
-
In the Cloud Services page, click Configure Now under Assets Smart Tags.
-
In the Create Configuration dialog, specify a title and name for the Smart Tags configuration. Click Create.
-
In the AEM Smart Content Service dialog, use the following values:
Service URL:
https://smartcontent.adobe.io/<region where your Experience Manager author instance is hosted>
For example,
https://smartcontent.adobe.io/apac
. You can specifyna
,emea
, or,apac
as the regions where your Experience Manager author instance is hosted.note note NOTE If the Experience Manager Managed Service is provisioned before September 01, 2022, use the following Service URL: https://mc.adobe.io/marketingcloud/smartcontent
Authorization Server:
https://ims-na1.adobelogin.com
Leave the other fields blank for now (to be provided later). Click OK.
Figure: Smart Content Service dialog to provide content service URL
note note NOTE The URL provided as Service URL is not accessible via the browser and generates a 404 error. The configuration works OK with the same value of the Service URL parameter. For the overall service status and maintenance schedule, see https://status.adobe.com. -
Click Download Public Certificate for OAuth Integration, and download the public certificate file
AEM-SmartTags.crt
. Moreover, you are no longer required to upload this certificate in Adobe developer console.Figure: Settings for smart tagging service.
Create Adobe Developer Console integration create-adobe-i-o-integration
To use Smart Content Service APIs, create an integration in Adobe Developer Console to obtain API Key (generated in CLIENT ID field of Adobe Developer Console integration), TECHNICAL ACCOUNT ID, ORGANIZATION ID, and CLIENT SECRET for Assets Smart Tagging Service Settings of cloud configuration in Experience Manager.
-
Access https://developer.adobe.com/console/ in a browser. Select the appropriate account and verify that the associated organization role is system administrator.
-
Create a project with any desired name. Click Add API.
-
On the Add an API page, select Experience Cloud and select Smart Content. Click Next.
-
Choose the OAuth Server-to-Server authentication method.
-
Add/modify the Credential Name as required. Click Next.
-
Select the product profile Smart Content Services. Click Save Configured API. The OAuth API gets added under the connected credentials for the further use. You can copy the API key (Client ID) or Generate access token from it.
Figure: Configured OAuth Server-to-Server in Adobe Developer Console
Configure Smart Content Service configure-smart-content-service
To configure the integration, use the values of TECHNICAL ACCOUNT ID, ORGANIZATION ID, CLIENT SECRET, and CLIENT ID fields from the Adobe Developer Console integration. Creating a Smart Tags cloud configuration allows authentication of API requests from the Experience Manager deployment.
-
In Experience Manager, navigate to Tools > Cloud Service > Legacy Cloud Services to open the Cloud Services console.
-
Under the Assets Smart Tags, open the configuration created above. On the service settings page, click Edit.
-
In the AEM Smart Content Service dialog, use the pre-populated values for the Service URL and Authorization Server fields.
-
For the fields Api Key, Technical Account ID, Organization ID, and Client Secret, copy and use the following values generated in Adobe Developer Console integration.
table 0-row-2 1-row-2 2-row-2 3-row-2 4-row-2 Assets Smart Tagging Service Settings Adobe Developer Console integration fields Api Key CLIENT ID Technical Account ID TECHNICAL ACCOUNT ID Organization ID ORGANIZATION ID Client Secret CLIENT SECRET