Configure AEM Assets with Brand Portal
Adobe Experience Manager (AEM) Assets is configured with Brand Portal via Adobe Developer Console, which procures an IMS token for authorization of your Brand Portal tenant.
Configuring AEM Assets with Brand Portal via Adobe Developer Console is supported on AEM 184.108.40.206 and above.
Earlier, Brand Portal was configured in Classic UI via Legacy OAuth Gateway, which uses the JWT token exchange to obtain an IMS Access token for authorization.
Configuration via Legacy OAuth is no longer supported from April 6, 2020, and is changed to configuring via Adobe Developer Console.
For existing customers only
It is recommended to continue using existing legacy OAuth Gateway configuration. In case, you encounter problems with legacy OAuth Gateway configuration, delete the existing configuration and create new configuration via Adobe Developer Console.
This help describes the following two use-cases:
- New configuration : If you are a new Brand Portal user and want to configure your AEM Assets author instance with Brand Portal, you can create new configuration on Adobe Developer Console.
- Upgrade configuration : If you are an existing Brand Portal user with your AEM Assets author instance configured with Brand Portal on legacy OAuth Gateway, it is recommended to delete the existing configurations and create new configuration on Adobe Developer Console.
The information provided is based on the assumption that anyone reading this Help is familiar with the following technologies:
- Installing, configuring, and administering Adobe Experience Manager and AEM packages.
- Using Linux and Microsoft Windows operating systems.
You require the following to configure AEM Assets with Brand Portal:
- An up and running AEM Assets author instance with latest Service Pack.
- Brand Portal tenant URL.
- A user with system administrator privileges on the IMS organization of the Brand Portal tenant.
Download and install AEM 6.5
It is recommended to have AEM 6.5 to set up an AEM author instance. If you do not have AEM up and running, download it from the following locations:
- If you are an existing AEM customer, download AEM 6.5 from Adobe Licensing website .
- If you are an Adobe partner, use Adobe Partner Training Program to request AEM 6.5.
After you download AEM, for instructions to set up an AEM author instance, see deploying and maintaining .
Download and install AEM latest Service Pack
For detailed instructions see,
Contact Customer Care if you are unable to find the latest AEM package or Service Pack.
Configuring AEM Assets with Brand Portal requires configurations in both, AEM Assets author instance as well as in Adobe Developer Console.
- In AEM Assets author instance, create an IMS account and generate a public certificate (public key).
- In Adobe Developer Console, create a project for your Brand Portal tenant (organization).
- Under the project, configure an API using the public key to create a service account (JWT) connection.
- Get the service account credentials and JWT payload information.
- In AEM Assets author instance, configure the IMS account using the service account credentials and JWT payload.
- In AEM Assets author instance, configure the Brand Portal cloud service using the IMS account and Brand Portal endpoint (organization URL).
- Test the configuration by publishing an asset from AEM Assets author instance to Brand Portal.
A Brand Portal tenant shall only be configured with one AEM Assets author instance.
Do not configure a Brand Portal tenant with multiple AEM Assets author instances.
Perform the following steps in the listed sequence if you are configuring AEM Assets with Brand Portal for the first-time:
Obtain public certificate
Public certificate allows you to authenticate your profile on Adobe Developer Console.
- Log in to your AEM Assets author instance. The default URL is http:// localhost:4502/aem/start.html
- From the Tools panel, navigate to Security > Adobe IMS Configurations .
- In Adobe IMS Configurations page, click Create .
- You are redirected to the Adobe IMS Technical Account Configuration page. By default, the Certificate tab opens.Select the cloud solution Adobe Brand Portal .
- Mark the checkbox Create new certificate and specify an alias for the certificate. The alias serves as name of the dialog.
- Click Create certificate . Then, click OK in the dialog box to generate the public certificate.
- Click Download Public Key and save the certificate (.crt) file on your machine.The certificate file will be used in further steps to configure API for your Brand Portal tenant and generate service account credentials in Adobe Developer Console.
- Click Next .In the Account tab, you create the Adobe IMS account but for that you will need the service account credentials that are generated in Adobe Developer Console. Keep this page open for now.Open a new tab and create a service account (JWT) connection in Adobe Developer Console to get the credentials and JWT payload for configuring the IMS account.
Create service account (JWT) connection
In Adobe Developer Console, projects and APIs are configured at organization (Brand Portal tenant) level. Configuring an API creates a service account (JWT) connection in Adobe Developer Console. There are two methods to configure API, by generating a key pair (private and public keys) or by uploading a public key. To configure AEM Assets author instance with Brand Portal, you must generate a public certificate (public key) in AEM Assets author instance and create credentials in Adobe Developer Console by uploading the public key. This public key is used to configure API for the selected Brand Portal organization and generates the credentials and JWT payload for the service account. These credentials are further used to configure the IMS account in AEM Assets author instance. Once the IMS account is configured, you can configure the Brand Portal cloud service in AEM Assets author instance.
Perform the following steps to generate the service account credentials and JWT payload:
- Log in to Adobe Developer Console with system administrator privileges on the IMS organization (Brand Portal tenant). The default URL isEnsure that you have selected the correct IMS organization (Brand Portal tenant) from the dropdown (organization list) located at the upper-right corner.
- Click Create new project . A blank project is created for your organization.Click Edit project to update the Project Title and Description , and click Save .
- In the Project overview tab, click Add API .
- In the Add an API window, select AEM Brand Portal and click Next .Ensure that you have access to the AEM Brand Portal service.
- In the Configure API window, click Upload your public key . Then, click Select a File and upload the public certificate (.crt file) that you have downloaded in the obtain public certificate section.Click Next .
- Verify the public certificate and click Next .
- Select the default product profile Assets Brand Portal and click Save configuration .
- With the API configured, you are redirected to the API overview. From the left navigation under Credentials , click Service Account (JWT) .You can view the credentials and perform other actions (generate JWT tokens, copy credential details, retrieve client secret, and so on) as needed.
- From the Client Credentials tab, copy the client ID .Click Retrieve Client Secret and copy the client secret .
- Navigate to the Generate JWT tab and copy the JWT Payload .
You can now use the client ID (API key), client secret, and JWT payload to configure the IMS account in AEM Assets cloud instance.
Create IMS Account configuration
Ensure that you have performed the following steps:
Perform the following steps to configure the IMS account that you have created in obtain public certificate .
- Open the IMS Configuration and navigate to the Accounts tab. You kept the page open while obtaining public certificate .
- Specify a Title for the IMS account.In Authorization Server , enter the URL: https://ims-na1.adobelogin.com/Paste the client ID in API key, client secret, and JWT payload that you have copied while creating the service account (JWT) connection .Click Create .The IMS account is configured.
- Select the IMS configuration and click Check Health .Click Check in the dialog box. On successful configuration, a message appears that the Token is retrieved successfully .
You must have only one IMS configuration. Do not create multiple IMS configurations.
Ensure that the IMS configuration passes the health check. If the configuration does not pass the health check, it is invalid. You must delete it and create a new, valid configuration.
Configure cloud service
Perform the following steps to create Brand Portal cloud service:
- Log in to your AEM Assets author instance.
- From the Tools panel, navigate to Cloud Services > AEM Brand Portal .
- In the Brand Portal Configurations page, click Create .
- Specify a Title for the configuration.Select the IMS configuration that you have created while configuring the IMS account .In the Service URL , enter your Brand Portal tenant (organization) URL.
- Click Save and Close . The cloud configuration is created. Your AEM Assets author instance is now configured with the Brand Portal tenant.
Perform the following steps to validate the configuration:
- Log in to your AEM Assets cloud instance.
- From the Tools panel, navigate to Deployment > Replication .
- In the Replication page, click Agents on author .
- Four replication agents are created for each tenant.Locate the replication agents of your Brand Portal tenant.Click the replication agent URL.The replication agents work in parallel and share the job distribution equally, thereby increasing the publishing speed by four times the original speed. After the cloud service is configured, additional configuration is not required to enable the replication agents that are activated by default to enable parallel publishing of multiple assets.
- To verify the connection between AEM Assets and Brand Portal, click Test Connection .A message appears at the bottom of page that your test package is successfully delivered.
- Verify the test results on all four replication agents one-by-one.Avoid disabling any of the replication agents. It may cause the replication of some of the assets to fail.
Your AEM Assets author instance is successfully configured with Brand Portal, you can now:
- Configure Asset Sourcing enabling the Brand Portal users to contribute and publish assets to AEM Assets.
Perform the following steps in the listed sequence to upgrade existing configurations:
Verify running jobs
Ensure that no publishing job is running on your AEM Assets author instance before you make any modifications. For that, you can verify all four replication agents and ensure that the queues are empty.
- Log in to your AEM Assets author instance.
- From the Tools panel, navigate to Deployment > Deployment Replication .
- In the Replication page, click Agents on author .
- Locate the replication agents of your Brand Portal tenant.Ensure that the Queue is Idle for all the replication agents, no publishing job is active.
Delete existing configurations
You must run the following check-list while deleting the existing configurations.
- Delete all four replication agents
- Delete cloud service
- Delete MAC user
- Log in to your AEM Assets author instance and open CRX Lite as an administrator. The default URL ishttp:// localhost:4502/crx/de/index.jsp
- Navigate to /etc/replications/agents.author and delete all the four replication agents of your Brand Portal tenant.
- Navigate to /etc/cloudservices/mediaportal and delete the Cloud Service configuration .
- Navigate to /home/users/mac and delete the MAC user of your Brand Portal tenant.
You can now create configuration via Adobe Developer Console on your AEM 6.5 author instance.