
SOLVED

AEM Custom Authentication Handler on Clustered Environment

Hi,
I need support and suggestions,
I am currently using a custom authentication handler for OAuth OpenID. It works well on a single author and publisher environment. Now we want to deploy our solution to production, where there is a clustered environment, i.e. multiple dispatchers, publishers and authors, and a load balancer before the dispatchers. So how does it work in this clustered environment? How will sessions be managed, as it is a clustered environment? What does AEM suggest for this for a custom authentication handler?
The code for the authentication handler that I am utilizing is https://github.com/larsauffarth/oidc-authentication-handler/tree/main 

Looking forward to your support.

Thanks

1 Accepted Solution

Correct answer by
Employee

Hi @AhmedHa,

The referenced Authentication Handler requires sticky sessions to be in place, so that after successful OIDC authentication, the same publisher instance handles all subsequent requests. This is necessary, as the other publishers wouldn't have information on the initial successful OIDC authentication event.

As already mentioned above, and in my previous response on the blog post, user-synchronization will help in distributing any changes on the users across your publishers so that you have an eventually consistent state of your user base across your clustered environment.

Does that help?
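
One way to get the publisher affinity described in the answer above is the AEM Dispatcher's sticky connection setting. This is an added example, not part of the original reply and not configuration from the referenced handler's repository; the farm name, render hostnames and the sticky path are constructed placeholders.

```text
# dispatcher.any (fragment) - added example, all names below are placeholders
/farms {
  /publishfarm {
    /renders {
      # Two publish instances behind this dispatcher (constructed hostnames)
      /publish1 { /hostname "publish1.example.internal" /port "4503" }
      /publish2 { /hostname "publish2.example.internal" /port "4503" }
    }

    # Default behaviour without this block: requests are balanced across the
    # renders, so a publisher that never saw the OIDC login may receive the
    # next request and treat the user as unauthenticated.
    /stickyConnections {
      /paths {
        # Placeholder path. List every path that takes part in the login
        # flow and every protected path, so they all reach the same render.
        "/content/secured"
      }
      # The dispatcher pins a browser to a render with the "renderid" cookie.
      # Keep that cookie away from scripts and off plain HTTP.
      /httpOnly "1"
      /secure "1"
    }
  }
}
```

Session affinity on the load balancer in front of the dispatchers is configured in that product and is not shown here.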

3 Replies

Administrator

@AhmedHa Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found a solution yourself, please share it with the community.



Kautuk Sahni
