Learn how to enable users to access AEM Assets 6.3 within their Creative Cloud tools.

Caution:

The setup for Adobe Asset Link on AEM Assets 6.3 deployments is deprecated. AEM 6.3 requires extra modules to be installed, but AEM 6.3 maintenance roadmap does not provide more publicly available Feature Packs for this version.

Contact Enterprise Support for AEM for more information about Adobe Asset Link and AEM 6.3 deployments, including access to private installation packages.

Note:

For optimum experience with Adobe Asset Link, Adobe strongly recommends that customers upgrade to AEM 6.4.4, or later, as soon as possible. See Configuring AEM Assets for Adobe Asset Link for these versions.

Introduction

Before Creative Cloud users with Enterprise IDs and Federated IDs can access content in AEM Assets, you must configure AEM to let users connect with AEM Assets.

The following are the broad steps required to configure an AEM 6.3 instance for Adobe Asset Link:

  • Install the Adobe IMS Support feature pack and the Asset Link Support feature pack.

  • Configure AEM.

  • Manage user access control through group mapping.
  • Fine-tune query indexes

It is assumed that you have a basic knowledge of how to install and configure AEM Assets, and that you have administrative access on your AEM instance.

Install the feature packs

Adobe recommends that your AEM 6.3 deployment be updated to the latest corresponding AEM 6.3.3.x cumulative fix pack. Certain AEM features that are accessible by Adobe Asset Link are only available in later AEM versions. The following table describes artifacts required to support Adobe Asset Link for AEM 6.3. You can install the artifacts with the AEM Package Manager (http://<AEM server>:<port>/crx/packmgr/index.jsp). Learn more about working with AEM packages and downloading them from AEM Package Share.

AEM Versions Artifacts required More information
AEM 6.3.x
cq-6.3.0-featurepack-17170
Support for login with Creative Cloud Login (private Feature Pack NPR-17170)
AEM 6.3.x
adobe-asset-link-support
Extra APIs required by AEM (private Feature Pack NPR-29002)

Note:

If you do not have these packages, contact Enterprise Support for AEM to check if you are eligible.

Configure AEM

You can configure AEM manually through the AEM web console and AEM CRXDE Lite. To access the web console, navigate to Tools > Operations > Web Console, and then OSGi > Configuration from the AEM web user interface.

Then, choose OSGi > Configuration from the main menu. You can also navigate directly to the web console at (http://<AEM server>:<port>/system/console/configMgr).

Web console

While you can configure AEM for Adobe Asset Link manually, Adobe recommends that you install a configuration package to automate most of the configuration tasks. In general, you should only modify configuration parameters that are described.

Configure AEM Assets using the configuration package

The configuration package automatically sets most of the required configuration settings. Depending upon the version of AEM installed, download the appropriate configuration package.

AEM version Installation artifact More information
6.3.x adobe-asset-link-config-aem63 Configuration package for AEM 6.3.x

Note:

If you do not have these packages, visit Enterprise Support for AEM to check if you are eligible.

After you upload the configuration package, set the following configuration properties from the AEM web console, and save the changes.

Locate Adobe Granite OAuth IMS Provider Extension configuration and click  to edit it.

Property Name Value
Organization Enter the organization ID you are using in the Admin Console.
Group Mapping
Set as indicated in the Group Mapping section

Configure AEM Assets manually

If you don't use a configuration package, then you must perform these steps to configure AEM Assets for Adobe Asset Link:

  1. Locate Adobe Granite OAuth IMS Provider Extension configuration and click  to edit it.

    Set the following configuration properties as indicated, and click Save.

    Property Name Value
    Authorization Endpoint https://ims-na1.adobelogin.com/ims/authorize/v1
    Profile Endpoint https://ims-na1.adobelogin.com/ims/profile/v1
    Token Endpoint https://ims-na1.adobelogin.com/ims/token/v1
    Validation URL https://ims-na1.adobelogin.com/ims/validate_token/v1
    Extended Details URLs https://ims-na1.adobelogin.com/ims/organizations/v1
  2. Locate Adobe Granite OAuth IMS Provider configuration and click  to edit it.

    Set the following configuration properties as indicated, and click Save.

    Property Name Value
    Organization Enter the organization ID you are using in the Admin Console.
    Group Mapping
    Set as indicated in the Group Mapping section.
  3. Find the Adobe Granite Bearer Authentication Handler configuration and click  to edit it.

    Set the following configuration properties as indicated. To add the Client IDs listed, use the + button. Click Save.

    Property Name AEM Version Value
    Allowed OAuth client ids

    All

    • cc-europa-desktop_0_1
    • cc-europa-desktop_1_0
    • cc-europa-desktop_2_0
    • cc-europa-desktop_3_0
    • cc-europa-desktop_4_0
    • cc-europa-desktop_5_0
    • cc-europa-desktop_6_0
    • cc-europa-desktop_7_0
    • cc-europa-desktop_8_0
    • cc-europa-desktop_9_0
    • cc-europa-desktop_10_0

Group Mapping

Group mapping determines how groups in AEM correspond to groups in Adobe IMS. It plays an important role in how Adobe Asset Link users may be granted permission to access AEM Assets. It is recommended that the AEM administrator use groups in Adobe IMS to organize users according to which access they are to be granted in AEM.

In AEM 6.3,  group mappings must be explicitly defined in the Adobe Granite OAuth IMS Provider configuration to associate groups in Adobe IMS with groups in AEM. Each group mapping controls how members of one group in Adobe IMS are made members of another group in AEM. For example, consider a scenario where a user is a member of an Adobe IMS group assetlink-users. In this case, the following mapping can be used to add any member of that Adobe IMS group to AEM’s dam-users group to provide access to AEM Assets:

assetlink-users=dam-users

The following rules apply to group mappings:

  • If a user is a member of the Adobe IMS group that matches the left side of the mapping, they are added as a member of the AEM group on the right side of the mapping.

  • If the imsGroupRole is specified, both the user’s membership and role in the Adobe IMS group must match for the user to be added to the AEM group on the right side.

  • If a user is added to or removed from an Adobe IMS group, or if any mappings change, AEM updates the group memberships in AEM according to the current mappings. The update is made for each user the next time that user makes a request to the AEM instance through Adobe Asset Link after the AEM authentication token has expired. This update can be forced by closing and restarting the Creative Cloud application and Adobe Asset Link. 

  • The AEM group specified on the right side of a mapping must exist in the AEM instance for the mapping to be successful. It is not automatically created.

  • A wildcard can be used to add all users to an AEM group. For example, *=assetlink-users adds all authenticated users to the assetlink-users group in AEM.

  • If a user is not a member of the configured Adobe IMS Organization, or the mappings do not match existing groups, the user is created in AEM. However, the user is only assigned to the group everyone, which does not give the user access permissions through Adobe Asset Link to AEM.

Fine-tune Query indexes

AEM contains indexes that are used for efficient queries. Many of these indexes are provided in the base product. However, there are situations when a project-specific query requires a custom index. Adobe Asset Link requires two custom indexes for its efficient operation, particularly in production or sample settings with many assets or many users. These indexes are recommended but not required for "localhost"/demo instances with a light load and a relatively small number of assets. The following instructions describe how to create those indexes.

Both of these indexes are set up as a Property index. The alternative, which has already been explored, is to use a Lucene index. While a Lucene index has many advantages, it is asynchronous in nature. There is a duration (potentially minutes) in which a newly created node such as a user profile, does not appear in a query with a Lucene index. It has been observed in testing and creates a significant impact (such as "duplicate" user profiles). Therefore, the synchronous Property index must be used.

This index is used by the "My Checked Out Assets" query.

  1. In a browser, open CRXDE by going to /crx/de/index.jsp and sign in as admin.

  2. Locate the node at /oak:index, right-click on it, and select Create > Create Node.

  3. Specify cqDrivelock as the name of the node, and set the Type to oak:QueryIndexDefinition.

  4. Add the following properties to the new node:

    1. Name: type; Type: string; Value: property
    2. Name: propertyNames; Type: Name[] (click the "Multi" button); Value: cq:drivelock
  5. Click Save All.

This index is used when authenticating any request with a Bearer token.

  1. In a browser, open CRXDE by going to /crx/de/index.jsp and sign in as admin.

  2. Locate the node at /oak:index, right-click on it, and select Create > Create Node.

  3. Specify oauthid as the name of the node, and set the Type to oak:QueryIndexDefinition.

  4. Add following properties to the new node:

    1. Name: type; Type: string; Value: property
    2. Name: propertyNames; Type: Name[] (click the Multi button); Value: oauthid- (Note the hyphen.)
  5. Click Save All.

Sign in to AEM Assets

The AEM configuration for Adobe Asset Link is now complete.

The default Sign-in screen now displays two options for all users.

Existing users can use the Sign in locally (admin tasks only) option and continue using their existing credentials.

Complete Configuration

To learn how creatives can use the Adobe Asset Link panel, see Manage assets using the Adobe Asset Link panel.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy