Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

AEM 6.2 - External login

Avatar

Avatar
Validate 25
Level 3
boser87
Level 3

Likes

18 likes

Total Posts

84 posts

Correct Reply

8 solutions
Top badges earned
Validate 25
Validate 10
Validate 1
Boost 5
Boost 3
View profile

Avatar
Validate 25
Level 3
boser87
Level 3

Likes

18 likes

Total Posts

84 posts

Correct Reply

8 solutions
Top badges earned
Validate 25
Validate 10
Validate 1
Boost 5
Boost 3
View profile
boser87
Level 3

31-03-2017

Hi guys,

I have to implement a special case of external login with AEM on Publish instance. This is my scenario:

  • The authentication system AND the login page are external wrt AEM. The login page is not hosted on AEM
  • Every single request is proxied by another system that performs the authentication and augment the request header
  • The main assumption is that the requests hitting the Publish instance are already authenticated, i.e. the request header will contain a token and some profile information, including username and profile: customer or manager (we don't want to synch users and groups!)
  • AEM will have a few users manually created representing the different profiles: customer or manager; for these users AEM has the permissions on the pages created through AEM

What I would like to implement is:

  • Every request hitting the Publish instance, that is anonymous by default, has to be mapped to the correct user on AEM (customer or manager) according to the data into the request header, so that the customer user logged through the external system can see only the pages for which I configured read permission through the User Management console in AEM

Should I use a Sling Filter for achieving this?

 

Thanks for your help!

Replies

Avatar

Avatar
Validate 25
Level 10
smacdonald2008
Level 10

Likes

1,409 likes

Total Posts

12,671 posts

Correct Reply

2,278 solutions
Top badges earned
Validate 25
Validate 10
Validate 1
Give back 900
Give back 600
View profile

Avatar
Validate 25
Level 10
smacdonald2008
Level 10

Likes

1,409 likes

Total Posts

12,671 posts

Correct Reply

2,278 solutions
Top badges earned
Validate 25
Validate 10
Validate 1
Give back 900
Give back 600
View profile
smacdonald2008
Level 10

31-03-2017

Checking this with the internal AEM team.  I am not seeing any docs on this to guide you on this use case. 

Avatar

Avatar
Validate 25
Level 3
boser87
Level 3

Likes

18 likes

Total Posts

84 posts

Correct Reply

8 solutions
Top badges earned
Validate 25
Validate 10
Validate 1
Boost 5
Boost 3
View profile

Avatar
Validate 25
Level 3
boser87
Level 3

Likes

18 likes

Total Posts

84 posts

Correct Reply

8 solutions
Top badges earned
Validate 25
Validate 10
Validate 1
Boost 5
Boost 3
View profile
boser87
Level 3

31-03-2017

        That would be awesome. Thanks Scott!

Avatar

Avatar
Validate 25
Level 3
boser87
Level 3

Likes

18 likes

Total Posts

84 posts

Correct Reply

8 solutions
Top badges earned
Validate 25
Validate 10
Validate 1
Boost 5
Boost 3
View profile

Avatar
Validate 25
Level 3
boser87
Level 3

Likes

18 likes

Total Posts

84 posts

Correct Reply

8 solutions
Top badges earned
Validate 25
Validate 10
Validate 1
Boost 5
Boost 3
View profile
boser87
Level 3

02-04-2017

        Hi MC Stuff and thanks for your reply! Do you think that the SSO approach is suitable for Publish instance too? And do you think that that would allow me to map to incoming group information on the request to one of the two users in AEM?

Avatar

Avatar
Validate 1
Level 8
MC_Stuff
Level 8

Likes

78 likes

Total Posts

467 posts

Correct Reply

158 solutions
Top badges earned
Validate 1
Boost 50
Boost 5
Boost 3
Boost 25
View profile

Avatar
Validate 1
Level 8
MC_Stuff
Level 8

Likes

78 likes

Total Posts

467 posts

Correct Reply

158 solutions
Top badges earned
Validate 1
Boost 50
Boost 5
Boost 3
Boost 25
View profile
MC_Stuff
Level 8

03-04-2017

Hi Tony,

   It applies for publish instance also.  In case you have more than one publish instance and group information in request clearing on subsequent requests then enable encapsulated token support. https://docs.adobe.com/docs/en/aem/6-1/administer/security/encapsulated-token.html

 

Thanks,

Avatar

Avatar
Validate 1
Level 3
a_mn1
Level 3

Likes

14 likes

Total Posts

84 posts

Correct Reply

1 solution
Top badges earned
Validate 1
Ignite 5
Ignite 3
Ignite 10
Ignite 1
View profile

Avatar
Validate 1
Level 3
a_mn1
Level 3

Likes

14 likes

Total Posts

84 posts

Correct Reply

1 solution
Top badges earned
Validate 1
Ignite 5
Ignite 3
Ignite 10
Ignite 1
View profile
a_mn1
Level 3

22-01-2019

Hi, Could you please let me know how did u achieve this. I do have a very similar requirement.

Regards,

Anand MN

Avatar

Avatar
Give Back
Level 1
ian0422my
Level 1

Likes

0 likes

Total Posts

1 post

Correct Reply

0 solutions
Top badges earned
Give Back
View profile

Avatar
Give Back
Level 1
ian0422my
Level 1

Likes

0 likes

Total Posts

1 post

Correct Reply

0 solutions
Top badges earned
Give Back
View profile
ian0422my
Level 1

16-04-2020

hi,

 

i have the same requirement. Did anyone manage to find a solution for this?

 

regards

 

ian