Persisting Users to external database | Community
Level 3
October 16, 2015
Solved

  • October 16, 2015
  • 12 replies
  • 3258 views

I want to persist /home/users to a location outside of the AEM application. I read I could connect AEM to an external database so I assume that's a way to do this. But in that case my entire JCR would be external, and I suspect this might have performance issues.

Hence my question. Would it be possible to only keep user data (password and username) outside of the JCR? I would like to still make use of CUG for protected pages. So in other words, I am looking for a solution that won't disrupt any OOB user functionality too much.

Apologies if this question has been asked before, but I can hardly search the forum at the moment, I get blank pages returned.

Many thanks, K

12 replies

joerghoh
Adobe Employee
October 16, 2015

Why do you want to persist user data outside of the repository? If you already have an external identity management system which offers LDAP connectivity, you can easily attach AEM to it. Or if you already have an SSO solution. But I haven't seen a convincing reason not to have an IDM or SSO, but to place user data outside of the repository.

Jörg

Ove_Lindström
Accepted solution
Level 6
October 16, 2015

No, you don't have to persist the whole JCR. Connecting to a database is the same as connecting to a REST service. You just set up a data connection in a Java class, same as you do with any database connection, then read the /home/user info and push it into the database.

Then, if you change the user in the database, you still need to sync the information into /home/users. If you search for SAML integration or LDAP integration, that is basically what they are doing.

 

/Ove

smacdonald2008
Level 10
October 16, 2015

As Ove suggests, you can open a connection to an external database like MySQL. You can use a DataSourcePool. See this community article on how to do this:

http://helpx.adobe.com/experience-manager/using/datasourcepool.html.
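
The approach from the two replies above (a Java class that reads /home/users and pushes it to a database obtained from a DataSourcePool), as an added example that is not part of the thread or Adobe's code. The data source name `siteusers`, the MySQL table `site_user` and the `profile/email` property path are assumptions; only the user ID, path and e-mail are copied, not credentials.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Iterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.sql.DataSource;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.UserManager;
import com.day.commons.datasource.poolservice.DataSourceNotFoundException;
import com.day.commons.datasource.poolservice.DataSourcePool;

/** Added example: copies users from /home/users into an external MySQL table. */
public class UserExport {
    // Assumed names: data source "siteusers", table site_user(user_id PRIMARY KEY, jcr_path, email).
    private static final String DATA_SOURCE = "siteusers";
    private static final String UPSERT =
        "REPLACE INTO site_user (user_id, jcr_path, email) VALUES (?, ?, ?)";
    private final DataSourcePool pool; // OSGi service, injected by the caller

    public UserExport(DataSourcePool pool) { this.pool = pool; }

    /** Returns the number of users written. Credentials are deliberately not copied. */
    public int export(Session session)
            throws RepositoryException, SQLException, DataSourceNotFoundException {
        UserManager users = ((JackrabbitSession) session).getUserManager();
        DataSource ds = (DataSource) pool.getDataSource(DATA_SOURCE);
        int count = 0;
        try (Connection con = ds.getConnection();
             PreparedStatement ps = con.prepareStatement(UPSERT)) {
            Iterator<Authorizable> it = users.findAuthorizables("jcr:primaryType", "rep:User");
            while (it.hasNext()) {
                Authorizable user = it.next();
                Value[] email = user.getProperty("profile/email"); // assumed profile layout
                // Bind values as parameters; never concatenate repository data into SQL.
                ps.setString(1, user.getID());
                ps.setString(2, user.getPath());
                ps.setString(3, email != null && email.length > 0 ? email[0].getString() : null);
                ps.addBatch();
                count++;
            }
            ps.executeBatch();
        }
        return count;
    }
}
```

The session passed to `export` only needs read access to /home/users, and the database account behind the data source only needs write access to the one table.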

Katrien1
Author
Level 3
October 16, 2015

Thanks everyone.

So if I use SSO, e.g. using SAML, does all other functionality then continue to work as it does with users inside the JCR? So, e.g., can I still use CUG on protected pages? Will the OOB login component work?

The reason for not having users in the JCR is because that would mean the JCR needs to live in our data tier within our company's infrastructure. Perhaps I should have made that clearer when I first asked the question. 

Appreciate if anyone can reply to above question. Many thanks.

Katrien

Sham_HC
Level 10
October 16, 2015

jcbsktrn1 wrote...

So if I use SSO, e.g. using SAML, does all other functionality then continue to work as it does with users inside the JCR? So, e.g., can I still use CUG on protected pages? Will the OOB login component work?

The reason for not having users in the JCR is because that would mean the JCR needs to live in our data tier within our company's infrastructure. Perhaps I should have made that clearer when I first asked the question. 

Yes, all functionality will work. With SSO enabled you will have your own login page and can redirect there. No need to use the OOB login component. If you need to use it, you will need some customization based on your requirement and integration point.

Katrien1
Author
Level 3
October 16, 2015

Ok, one more question on SAML, will the user still exist within the JCR as well? But without password?

Katrien1
Author
Level 3
October 16, 2015

Ok, I think there is some confusion. I am actually talking about SITE users, not AEM users. I don't want to store any user data of site visitors in the JCR. I think that's where maybe the confusion is. For security reasons in my company we don't want to store customer data / user data in the JCR. Anyone tried that before? I have managed to set up SSO for backend users, that's no problem. But that's not the problem I'm trying to resolve.

Sham_HC
Level 10
October 16, 2015

jcbsktrn1 wrote...

Ok, one more question on SAML, will the user still exist within the JCR as well? But without password?

 

Yes

joerghoh
Adobe Employee
October 16, 2015

OK, I got it. You want to store user information outside of JCR and do the authentication via SSO. And your question is whether you can still use the authorization features of CQ. Is that correct?

Katrien1
Author
Level 3
October 16, 2015

Yes, I guess that's the correct question. But the user in this context is not an author, but a site visitor. So will authentication, protected pages, commenting (with username) still work? And how would that best be configured?

Many thanks