Adobe-Consulting-Services / acs-aem-commons

http://adobe-consulting-services.github.io/acs-aem-commons/
Apache License 2.0
454 stars 600 forks source link

Login for MS Office Asset Selector isn't working in AEM as a Cloud Service #2833

Open patrickheinzelmann opened 2 years ago

patrickheinzelmann commented 2 years ago

Required Information

Expected Behavior

I'm trying to login into AEM using the Asset Selector for Word on Mac. I'm using Word version 16.60.

Actual Behavior

When I enter the email address of my Adobe ID and click on the button "Continue" on the login screen inside Word, the panel opens a new browser window with the Adobe Authentication service, which redirects the request to the AEM Author https://author-p56761-e455293.adobeaemcloud.com/callback/j_security_check?_host_Info=Word%24Mac%2416.01%24en-GB%24%24%24%240&code=xxx&state=xxx which throws an error 403 (I have replaced the values for the parameters token and state in the url).

In parallel, the panel of the Asset Selector changes to page to enter the password in Word. When you enter the password in the Word panel and click button "Continue", the Asset selector opens another browser window and redirects the request to "https://adobeid-na1.services.adobe.com/renga-idprovider/pages/login_with_jwt".

This pages shows following error: There was an error with this action. Try again later.

Password-Error-Message

The panel of the Asset Selector in Word is showing a showing a spinning circle.

Word-AEM-Assets-Selector

Steps to Reproduce

  1. Install ACS AEM Commons 5.3.0 on AEM as a Cloud Service
  2. Create configuration page "ms-office" below "/content/asset-selectors" using the template "MS Office Asset Selector Page"
  3. Create Office 365 app for App using the provide XML, change the urls from "http://localhost:4502" to the url of the AEM Cloud Service
  4. Open Word on Mac and switch to tab Insert
  5. Click on button AEM Assets
  6. Go to the panel AEM Assets and click on the button "Sign in with Adobe".
  7. Try to login with your Adobe ID which has access to AEM as a Cloud Service

Links

https://adobe-consulting-services.github.io/acs-aem-commons/features/ms-office-asset-selector/index.html

davidjgonzalez commented 2 years ago

Hi @patrickheinzelmann this looks like an issue with AEM CS and Asset Selector, more than this implementation of Asset Selector (the auth cycle occurs before any ACS AEM Commons is executed - since you have to have auth to access anything on AEM Author).

Would it be possible for you to check if Asset Selector is supported by AEM CS, and if so, if its uses with MS products are supported?

I suspect we may have to mark this one as incompatible with AEM CS, unless we can get the recommended URL for the asset selector consumer to use to access AEM CS's asset selector experience.

LucaNerlich commented 2 years ago

Hi @patrickheinzelmann you need to add the ims redirect urls in your manifest.xml, for example this:

<AppDomains>
        <AppDomain>https://adobe.com</AppDomain>
        <!-- AUTH -->
        <AppDomain>https://auth.services.adobe.com</AppDomain>
        <AppDomain>https://adobeid-na1.services.adobe.com</AppDomain>
        <AppDomain>https://ims-na1.adobelogin.com</AppDomain>
        <AppDomain>https://use.typekit.net</AppDomain>
        <AppDomain>https://server.messaging.adobe.com</AppDomain>
        <AppDomain>https://adobe-api.arkoselabs.com</AppDomain>
        <AppDomain>https://delegated.identity.adobe.com</AppDomain>
        <AppDomain>https://cc-api-behance.adobe.io</AppDomain>
        <AppDomain>https://a5.behance.net</AppDomain>
        <AppDomain>https://assets.adobedtm.com</AppDomain>
        <AppDomain>https://web-sdk.aptrinsic.com</AppDomain>
        <AppDomain>https://amcglobal.sc.omtrdc.net</AppDomain>

        <AppDomain>Your deployed AEM Instance</AppDomain>
    </AppDomains>