Hi all,
My system is currently designed such that users are authenticated against an external Access Manager, which upon successful authentication redirects to AEM. Within AEM I have the Adobe Granite SSO Authentication Handler configured to trust the authenticated requests.
I have also configured the Apache Jackrabbit Oak LDAP Identity Provider to connect to LDAP, the Apache Jackrabbit Oak Default Sync Handler for syncing users and groups from LDAP every 5 minutes, and the Apache Jackrabbit Oak External Login Module.
The behavior I am expecting is that once the user is authenticated by the access manager and redirected to AEM, the SSO Authentication handler will find the necessary header parameters and trust the pre-authenticated user. Also, since I have the Default sync handler configured, the trusted user's properties and memberships will be synced if the rep:lastSynced date has expired.
The SSO Authentication handler behaves as expected each time by trusting the authenticated users. However, the sync handler doesn't get invoked each time. In fact, it gets invoked only when the user is logging in for the first time. This means that the sync happens only when the user's node doesn't already exist in AEM. Once the node is created, I don't see the DefaultSyncHandler attempting to check the rep:lastSynced property and sync.
Interestingly this happens only when the SSO authentication is used. If I use the default Token authentication using the configured External Login Module, the sync handler gets invoked each time.
Anybody got any views on why this could be happening?
-kunal