Skip to main content
A
asn11
Level 4
August 10, 2016

Query about custom authentication handler , how to apply CUG like functionality

  • August 10, 2016
  • 1 risposta
  • 2982 visualizzazioni

If I am using a custom Authentication handler and my users reside in some database.

In extract Credentials method I authenticate my user from request i.e. j_username check that it exists and password is correct probably from database, I ask TokenUtil to create credentials to create necessary login token for that user to have access to aem.

But in such cases, how / who decides if user has access to that particular cases, which in crx based login would be done by group /CUG associated to that user.

Here since I would not have any user created in crx how the authorization should happen to see if that user has access to that page?

any help is welcome.

 

Regards.

Questo argomento è stato chiuso alle risposte.

1 risposta

Tuhin_Ghosh
Tuhin_Ghosh
Level 8
August 11, 2016

Below here is one documentation I made for internal use. Hope this helps.

To configure such a area within follow the below steps:

APPLYING YOUR CLOSED USER GROUP TO CONTENT PAGES

 

To apply the CUG to a page:

 

    • Navigate to the root page of the restricted section you want to assign to your CUG.

    • Open the Page Properties (from the Page tab in the Sidekick).

    • Open the Advanced tab.

    • Expand the Closed User Group pane.

    • Click Enabled to define that this page (and any child pages) belong to a CUG.

    • Specify the Login Page that members of the group will use; for example:
      /content/geometrixx/en/toolbar/login.html
      This is optional, if left blank the standard login page will be used.

    • Add the Admitted Groups. Use + to add groups or - to remove. Only members of these groups will be allowed to log in and access the pages.

    • Assign a Realm (a name for the groups of pages) if required. Leave empty to use the page title.

    • Click OK to save the specification.

A
asn11Autore
Level 4
August 11, 2016

HI Tuhin,

Thanks for the reply.

But this will be possible when I have groups and users in AEM . I am talking about not having users and groups in AEM but have them store outside of AEM.

How / who would be doing the authorization part in that case?

Regards

O
Adobe Employee
ogillAdobe Employee
Adobe Employee
August 11, 2016

Hi,

with a custom authentication handler, after you authenticate against the external system, you must have/create a user in AEM. If you look at the LDAP and SAML authentication mechanisms, there is always the option to use an existing user or create a new user. You cannot get a login token in AEM without a user that exists in AEM.

Regards,

Opkar

Termini e CondizioniAccessibility statement

Loading footer...