Highlighted

AEM 6.2 - External login

boser87

31-03-2017

Hi guys,

I have to implement a special case of external login with AEM on Publish instance. This is my scenario:

  • The authentication system AND the login page are external wrt AEM. The login page is not hosted on AEM
  • Every single request is proxied by another system that performs the authentication and augment the request header
  • The main assumption is that the requests hitting the Publish instance are already authenticated, i.e. the request header will contain a token and some profile information, including username and profile: customer or manager (we don't want to synch users and groups!)
  • AEM will have a few users manually created representing the different profiles: customer or manager; for these users AEM has the permissions on the pages created through AEM

What I would like to implement is:

  • Every request hitting the Publish instance, that is anonymous by default, has to be mapped to the correct user on AEM (customer or manager) according to the data into the request header, so that the customer user logged through the external system can see only the pages for which I configured read permission through the User Management console in AEM

Should I use a Sling Filter for achieving this?

 

Thanks for your help!

Replies

Highlighted
Highlighted

boser87

02-04-2017

        Hi MC Stuff and thanks for your reply! Do you think that the SSO approach is suitable for Publish instance too? And do you think that that would allow me to map to incoming group information on the request to one of the two users in AEM?
Highlighted

MC_Stuff

03-04-2017

Hi Tony,

   It applies for publish instance also.  In case you have more than one publish instance and group information in request clearing on subsequent requests then enable encapsulated token support. https://docs.adobe.com/docs/en/aem/6-1/administer/security/encapsulated-token.html

 

Thanks,

Highlighted

a_mn1

22-01-2019

Hi, Could you please let me know how did u achieve this. I do have a very similar requirement.

Regards,

Anand MN