Custom LoginModule and Closed User Groups | Community
Skip to main content
S
sneakybeaky
Level 2
October 16, 2015
Solved

Custom LoginModule and Closed User Groups

  • October 16, 2015
  • 2 replies
  • 1699 views

Hi,

We have the need to store a large number of users in an external system, and restrict areas of our CQ powered site to those users. It looks like the Closed User Group feature is a good fit for this. It also looks like we can create a custom Login Module to authenticate users against the external system.

I'm not clear though how the users would be tied against the closed user group mechanism. It seems that when you define a CUG the ACLs for the tree are updated to restrict access to the group, which is reasonable enough. However, am I right in thinking for the ACL permissions to work the users and groups would need to by synced to the JCR from the external system, similar to how the LDAP LoginModule does ? Or in other words, is it possible to keep all user and group membership details isolated in the external system while using the CUG facility ?

Thanks. 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Yogesh_Upadhyay

In theory you don't need user group in CQ for CUG. However you need something in CQ from which users (author) can select principals (user/group) and assign to page. If they can manually enter it,  thats fine as well (In that case you don't need to store any thing). You need to write custom auth handler and login module to resolve principal from external system and may be store in cookie for further handling.

Yogesh

2 replies

Yogesh_Upadhyay
Yogesh_UpadhyayAccepted solution
Level 6
October 16, 2015

In theory you don't need user group in CQ for CUG. However you need something in CQ from which users (author) can select principals (user/group) and assign to page. If they can manually enter it,  thats fine as well (In that case you don't need to store any thing). You need to write custom auth handler and login module to resolve principal from external system and may be store in cookie for further handling.

Yogesh

S
sneakybeakyAuthor
Level 2
October 16, 2015

Hi Yogesh,

When an author uses the CUG facility they set the group principal in the page property dialog, which in turn sets the ACLs in the content hierarchy. However, the group principal is selected from groups held in the JCR as far as I can tell. I think I can use the CUG auth handler as it is, but write a login module for the external system.

But what I don't understand is if it's possible for my login handler to associate user principals with group principals held in the JCR for the ACLs against the content. I'm experimenting with the LDAP Login Module to see if I can get this working with the CUG facility without syncing users & groups.

Jon  

Terms & ConditionsAccessibility statement

Loading footer...