- Ensure that all requirements described in the Requirements section are met.
- Ensure that you have the URLs for the Account Management user interface, the Account Management API, and the identity provider.
- Ensure that your identity provider is configured correctly and:
  - The Client ID and Client Secret values are available.
  - The Admin Studio public URL is listed as a valid redirect URI in the identity provider if you use Admin Studio. For more information, see the redirect_uri parameter in OpenID Connect 1.0 -- Section 18.104.22.168.
- Ensure that you have access to the account-management-2.3.x.zip file in the Elastic Path Public Nexus repository.
- Ensure that the MySQL compatible RDBMS service is provisioned, the schema is initialized, and the username, password, and other connectivity details are available.
- Extract the files in the account-management-2.3.x.zip. Ensure that all contents including the account-management-api folder are extracted. This folder contains the code to build the Docker image.
- On your computer, build the Docker image using
- Push the Docker image to Amazon ECR (Elastic Container Registry).
- Deploy the Docker image in Amazon ECS (Elastic Container Service) with appropriate settings. For more information about the settings, see the Docker Image Environment Variables section.
Docker image environment variables
|The username of the administrator account in the MySQL Account Management schema.|
|The password of the administrator account in the MySQL Account Management schema.|
|The username of the administrator account for the Felix OSGi Web Console.|
|The password of the administrator account for the Felix OSGi Web Console.|
|A URL that points to an OpenID Provider Configuration Document as defined in the OpenID Connect Discovery 1.0 standard -- Section 4. This URL ends with |
|The OAuth |
|The OAuth 2.0 client secret that is used as part of a |
|A space-separated list of additional scopes that clients must request when authenticating against the identity provider. The primary use of this parameter is to set additional scopes that are required so that Account Management can determine the group membership of users. For example, when using Okta, this value should be |
|The key to inspect in the |
|The value that exists in the |
|The value that exists in the |
|The JWT private key. For more information, see the Infrastructure Requirements section.|
|The JWT public key shared with Elastic Path Commerce. For more information, see the Infrastructure Requirements section.|
|Specifies how long the authentication tokens issued to use the Account Management API are valid, in seconds. The recommended value is 3600.|
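A pre-deployment check for the OpenID Provider Configuration Document URL described in the table above, as an added example that is not part of the Elastic Path documentation or code. The function name check_discovery, the sample document, and the idp.example.com host are assumptions; the URL suffix and the required metadata fields come from OpenID Connect Discovery 1.0.

```python
from urllib.parse import urlsplit

# Path suffix defined by OpenID Connect Discovery 1.0, Section 4.
WELL_KNOWN = "/.well-known/openid-configuration"
# REQUIRED metadata (Section 3); token_endpoint unless only Implicit Flow is used.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
HTTPS_ONLY = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def check_discovery(config_url, document, extra_scopes=""):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if urlsplit(config_url).scheme != "https":
        problems.append("configuration URL is not https")
    for key in REQUIRED:
        if not document.get(key):
            problems.append("missing required metadata: " + key)
    for key in HTTPS_ONLY:
        value = document.get(key)
        if isinstance(value, str) and urlsplit(value).scheme != "https":
            problems.append(key + " is not an https URL")
    # Section 4.3: the issuer must match the URL the suffix was appended to.
    if not config_url.endswith(WELL_KNOWN):
        problems.append("configuration URL does not end with " + WELL_KNOWN)
    elif str(document.get("issuer", "")).rstrip("/") != config_url[:-len(WELL_KNOWN)]:
        problems.append("issuer does not match the configuration URL")
    # scopes_supported is optional; compare only when the provider publishes it.
    supported = document.get("scopes_supported")
    if supported is not None:
        for scope in extra_scopes.split():
            if scope not in supported:
                problems.append("scope not advertised by provider: " + scope)
    return problems


# Constructed sample document and URL (idp.example.com is a placeholder).
SAMPLE_URL = "https://idp.example.com/oauth2/default" + WELL_KNOWN
SAMPLE_DOC = {
    "issuer": "https://idp.example.com/oauth2/default",
    "authorization_endpoint": "https://idp.example.com/oauth2/default/v1/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/default/v1/token",
    "jwks_uri": "https://idp.example.com/oauth2/default/v1/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
    "scopes_supported": ["openid", "profile", "email"],
}
```

Pass the parsed JSON fetched from the configured URL as document and the configured additional scopes as extra_scopes; any returned problem should be resolved before the image is deployed.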
Validating API Service Deployment
- In a browser, navigate to https://(Account Management API URL)/studio.
- Open the Authentication tab and click Authenticate.
- Log in to the identity provider with the seller administrator credentials. The system redirects you to Account Management Studio.
- In the right pane, click Entry Points.
- In the Server Defaults field, click associates.
The system displays a successful Helix response consisting of a pagination element and results: 0, indicating that:
- The Account Management API setup is complete.
- The identity provider and Account Management API integration is successful.