Query about custom authentication handler, how to apply CUG like functionality
Level 4
August 10, 2016


I am using a custom authentication handler and my users reside in some database.

In the extractCredentials method I authenticate my user from the request, i.e. check that j_username exists and the password is correct, probably from a database; I then ask TokenUtil to create credentials to create the necessary login token for that user to have access to AEM.

But in such cases, how / who decides if the user has access in that particular case, which in CRX-based login would be done by the group / CUG associated with that user?

Here, since I would not have any user created in CRX, how should the authorization happen to see if that user has access to that page?

Any help is welcome.

 

Regards.


Tuhin_Ghosh
Level 8
August 11, 2016

Below is some documentation I made for internal use. Hope this helps.

To configure such an area within follow the below steps:

APPLYING YOUR CLOSED USER GROUP TO CONTENT PAGES

 

To apply the CUG to a page:

 

    • Navigate to the root page of the restricted section you want to assign to your CUG.

    • Open the Page Properties (from the Page tab in the Sidekick).

    • Open the Advanced tab.

    • Expand the Closed User Group pane.

    • Click Enabled to define that this page (and any child pages) belong to a CUG.

    • Specify the Login Page that members of the group will use; for example:
      /content/geometrixx/en/toolbar/login.html
      This is optional; if left blank, the standard login page will be used.

    • Add the Admitted Groups. Use + to add groups or - to remove. Only members of these groups will be allowed to log in and access the pages.

    • Assign a Realm (a name for the groups of pages) if required. Leave empty to use the page title.

    • Click OK to save the specification.

asn11 (Author)
Level 4
August 11, 2016

Hi Tuhin,

Thanks for the reply.

But this will be possible when I have groups and users in AEM. I am talking about not having users and groups in AEM but having them stored outside of AEM.

How / who would be doing the authorization part in that case?

Regards

Adobe Employee
August 11, 2016

Hi,

With a custom authentication handler, after you authenticate against the external system, you must have/create a user in AEM. If you look at the LDAP and SAML authentication mechanisms, there is always the option to use an existing user or create a new user. You cannot get a login token in AEM without a user that exists in AEM.

Regards,

Opkar
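
The flow described in this thread, as an added example that is not part of the original posts or Adobe's own code: after the external password check succeeds, the handler makes sure a matching AEM user exists and is a member of the CUG's admitted group, and only then asks TokenUtil for the login token. The class name `ExternalUserSync`, the service-user mapping `external-user-sync` and the marker property `externalSync` are assumptions; the admitted group is assumed to exist already in AEM.

```java
import java.security.SecureRandom;
import java.util.Base64;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.apache.sling.jcr.api.SlingRepository;
import com.day.crx.security.token.TokenUtil;

/** Hypothetical helper, called from extractCredentials() once the external store accepted the password. */
public class ExternalUserSync {
    private static final String MARKER = "externalSync"; // assumed property name
    private final SecureRandom rng = new SecureRandom();
    private final SlingRepository repository;

    public ExternalUserSync(SlingRepository repository) { this.repository = repository; }

    public AuthenticationInfo loginVerifiedUser(HttpServletRequest request, HttpServletResponse response,
            String userId, String cugGroupId) throws RepositoryException {
        // Assumed service-user mapping, limited to user management rights.
        Session session = repository.loginService("external-user-sync", null);
        try {
            UserManager um = ((JackrabbitSession) session).getUserManager();
            Authorizable user = um.getAuthorizable(userId);
            if (user == null) {
                byte[] secret = new byte[32]; // random password, never disclosed to anyone
                rng.nextBytes(secret);
                user = um.createUser(userId, Base64.getEncoder().encodeToString(secret));
                user.setProperty(MARKER, session.getValueFactory().createValue(true));
            } else if (user.isGroup() || !user.hasProperty(MARKER)) {
                // An external name must never map onto a local account such as "admin".
                throw new RepositoryException("Refusing to map external user onto local id " + userId);
            }
            Authorizable group = um.getAuthorizable(cugGroupId);
            if (group == null || !group.isGroup()) {
                throw new RepositoryException("Admitted group not found: " + cugGroupId);
            }
            ((Group) group).addMember(user); // CUG evaluation then uses this membership
            session.save();
        } finally {
            session.logout();
        }
        return TokenUtil.createCredentials(request, response, repository, userId, true);
    }
}
```

Group membership granted here is not revoked when the external system later withdraws access, so a real deployment also needs a removal path on login or on a schedule.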