Allow only authenticated users to access website pages | Community
Skip to main content
B
baoyu_li
Level 3
May 7, 2021
Solved

Allow only authenticated users to access website pages

  • May 7, 2021
  • 3 replies
  • 1148 views

Hi all,

 

What is the best way to allow only authenticated users to access website pages?

The identity provider is an external system where users are stored, and authentication can be done via its API.

 

Any solution proposals that is not based on CUG(closed user group)?

Or if CUG has to be used, how can it work with an external IdP? 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Umesh_Thakur

Yes you should use the form based authentication to make a API call with user credentials to the authorization provider to get the either session data or bearer token, whichever in your case.

But this is not the only thing you need to handle.

at the same time you need to handle Access level as well that you can decide based on the token and session data of the user,

In AEM we have lots of places where you need to manage user's private data and content and its caching so after any authorization you will have to set proper request and response header to properly cache the content on dispatcher and CDN level(if applicable).

 

So all these stuff needs to be considered before execution.

 

Hope this will help.

Umesh Thakur

3 replies

Asutosh_Jena_
Community Advisor
Asutosh_Jena_Community Advisor
Community Advisor
May 7, 2021

Hi @baoyu_li 

 

As you have mentioned the identity provider is an external system, you can go ahead with the form based authentication process if you have a login page.

 

Let's say you are using OKTA as the external system, then User will need to submit the form by providing the user details and you will need to call to OKTA API to authenticate the user.

Now OKTA will return a session token which you can encrypt in AEM using the crypto support and then store it in a cookie.

 

Post successful login, everytime user make any request you can check the session token if it's valid or not and if it;s valid, then allow to access the page, else redirect back to the login page or any error page based on the business requirement.

 

If the user is trying to tamper the cookie value also, it will ensure the user is not getting the content and will redirect back them to the login or error page. You can also implement the idle time error handling where if the user is inactive for certain period of time, you can logout the user by showing somekind of warning message "the user will be logged out in 10 sec due to inactivity" or so.

 

Thanks!

    Umesh_Thakur
    Community Advisor
    Umesh_ThakurCommunity AdvisorAccepted solution
    Community Advisor
    May 7, 2021

    Yes you should use the form based authentication to make a API call with user credentials to the authorization provider to get the either session data or bearer token, whichever in your case.

    But this is not the only thing you need to handle.

    at the same time you need to handle Access level as well that you can decide based on the token and session data of the user,

    In AEM we have lots of places where you need to manage user's private data and content and its caching so after any authorization you will have to set proper request and response header to properly cache the content on dispatcher and CDN level(if applicable).

     

    So all these stuff needs to be considered before execution.

     

    Hope this will help.

    Umesh Thakur

      arunpatidar
      Community Advisor
      arunpatidarCommunity Advisor
      Community Advisor
      May 8, 2021

      Hi,

      I think you should go for saml based solution and implement permission-sensitive caching to cache-protected pages.

      Though we have implemented CUG based solution to protect the portal/pages using external IDP. let me know if you go for cug based solution. I can help.

      Arun Patidar
        Terms & ConditionsAccessibility statement

        Loading footer...