Configuring Content Composer Windows Service Authorization for IdP Authentication Type Client Credentials - Installation - Foundation 23.2 - Content Composer

Content Composer Installation

Use the authentication type Client Credentials only if no OnBase user store is available in your infrastructure. We highly recommend using the authentication type Password Grant.

The Client Credentials authentication type uses only a Client ID and a Secret value for authentication. There is no user name with password and therefore no user context.

Content Composer Windows Service uses the Client ID as the Content Composer username and group name.

Therefore, you must add the Client ID as a group to the Content Composer user rights management to be able to grant rights.

To configure Content Composer's user management for IdP authentication, perform the following steps:

  1. To identify the IdP Client ID your Content Composer service is using, from the %Composerdir% directory, open the CONFIG file of the respective service with a text editor that supports UTF-8.
  2. Find the idpClientId key within the <appSettings> element. Its value specifies the ID in the service application configuration file.
  3. To identify the role mapping object used by your Content Composer installation, from the %Composerdir% directory, open UserRepository.config with a text editor that supports UTF-8.
  4. Search for the attributes roleMapper and systemOId.
    • The roleMapper attribute contains the role mapping object that is used.
    • The systemOId attribute contains the name of the system in which this role mapping object is stored.
  5. In Content Composer Studio, switch to the system specified in the systemOId attribute.
  6. Open the role mapping object specified in the roleMapper attribute.
  7. In the role mapping object, add a new group for each IdP Client ID you are using.
    Note: If the IdP Client ID name contains spaces, replace each space with an underscore.

    Example: If the IdP Client ID name is Composer Service, name the new group Composer_Service.

  8. Assign the required roles to the newly created groups.
  9. Save and close the role mapping object.
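
The lookups in steps 1 to 4 and the group naming rule in step 7 can be scripted, which helps when several services each use their own Client ID. The following PowerShell is an added example, not vendor code: the function names, the sample XML and the `userRepository` element name are constructed, and it assumes the standard .NET `<add key="..." value="..."/>` layout inside `<appSettings>`.

```powershell
# Added example (not vendor code). Only idpClientId, <appSettings>, roleMapper
# and systemOId come from the page; sample XML and function names are constructed.
Set-StrictMode -Version Latest

function Get-IdpClientId {
    param([Parameter(Mandatory)][xml]$ServiceConfig)
    # Assumed layout: <appSettings><add key="idpClientId" value="..."/></appSettings>
    $xpath = "//*[local-name()='appSettings']/*[local-name()='add'][@key='idpClientId']"
    $node = $ServiceConfig.SelectSingleNode($xpath)
    if ($null -eq $node -or [string]::IsNullOrWhiteSpace($node.GetAttribute('value'))) {
        throw 'idpClientId is missing or empty in <appSettings>.'
    }
    $node.GetAttribute('value')
}

function Get-RoleMapping {
    param([Parameter(Mandatory)][xml]$UserRepositoryConfig)
    # The page names only the attributes, so match any element that carries both.
    $nodes = @($UserRepositoryConfig.SelectNodes('//*[@roleMapper and @systemOId]'))
    if ($nodes.Count -eq 0) { throw 'No element with roleMapper and systemOId found.' }
    foreach ($n in $nodes) {
        [pscustomobject]@{
            RoleMapper = $n.GetAttribute('roleMapper')
            SystemOId  = $n.GetAttribute('systemOId')
        }
    }
}

function ConvertTo-ComposerGroupName {
    param([Parameter(Mandatory)][string]$ClientId)
    # Step 7 note: each space in the Client ID name becomes an underscore.
    $ClientId.Replace(' ', '_')
}

# Constructed stand-ins for the service CONFIG file and UserRepository.config.
$serviceConfig = @'
<configuration><appSettings>
  <add key="idpClientId" value="Composer Service" />
</appSettings></configuration>
'@
$userRepository = @'
<userRepository roleMapper="ExampleRoleMapping" systemOId="ExampleSystem" />
'@

$clientId = Get-IdpClientId -ServiceConfig $serviceConfig
$group    = ConvertTo-ComposerGroupName -ClientId $clientId
Get-RoleMapping -UserRepositoryConfig $userRepository |
    Select-Object @{n = 'GroupToAdd'; e = { $group }}, RoleMapper, SystemOId
```

For real files, pass the output of `Get-Content -Raw -Encoding UTF8` for each configuration file under %Composerdir% instead of the constructed strings. The group itself is still added and given roles in Content Composer Studio as described in steps 5 to 9.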