Enabling Encapsulation Token support in AEM

Replicating the HMAC key

The HMAC key is present as a binary property of /etc/key in the repository. You can download it separately by pressing the view link next to it:

In order to replicate the key across instances, you need to:

1. Access the AEM instance, typically an author instance, that contains the key material to copy;
Locate the com.adobe.granite.crypto.file bundle in the local file system. For example, under this path:
• /crx-quickstart/launchpad/felix/bundle21
2. The bundle.info file inside each folder will identify the bundle name.

Navigate to the data folder. For example:
• /crx-quickstart/launchpad/felix/bundle21/data
3. Copy the HMAC and master files.
4. Then, go to the target instance you want to duplicate the HMAC key to, and navigate to the data folder. For example:
• /crx-quickstart/launchpad/felix/bundle21/data
5. Paste the two files you previously copied.
6. Refresh the Crypto Bundle if the target instance is already running.
7. Repeat the above steps for all instances you want to replicate the key to.

Enabling the Encapsulated Token

Once the HMAC key has been replicated, you can enable the Encapsulated Token via the Web Console:

• Point your browser to http://serveraddress:port/system/console/configMgr
• Look for an entry called Day CRX Token Authentication Handler and click it.
• In the following window, tick the Enable encapsulated token support box and press Save.

Reference URL:
https://helpx.adobe.com/experience-manager/6-4/sites/administering/using/encapsulated-token.html