I have to implement a special case of external login with AEM on a Publish instance. This is my scenario:
The authentication system AND the login page are external wrt AEM. The login page is not hosted on AEM
Every single request is proxied by another system that performs the authentication and augments the request header
The main assumption is that the requests hitting the Publish instance are already authenticated, i.e. the request header will contain a token and some profile information, including username and profile: customer or manager (we don't want to sync users and groups!)
AEM will have a few users manually created representing the different profiles: customer or manager; for these users AEM has the permissions on the pages created through AEM
What I would like to implement is:
Every request hitting the Publish instance, which is anonymous by default, has to be mapped to the correct user on AEM (customer or manager) according to the data in the request header, so that the customer user logged in through the external system can see only the pages for which I configured read permission through the User Management console in AEM
Hi MC Stuff and thanks for your reply! Do you think that the SSO approach is suitable for a Publish instance too? And do you think that it would allow me to map the incoming group information on the request to one of the two users in AEM?