AEM Page Authentication | Community
Skip to main content
rajeshr83174799
rajeshr83174799
May 17, 2018
Solved

AEM Page Authentication

  • May 17, 2018
  • 4 replies
  • 1860 views

Hello,

I have a question about providing permissions for bulk users on AEM pages. Let me explain little bit more about my requirement.

I would like to have a person to feed in details of multiple users in our website and request access to a AEM page. Once they submit the details, in the back-end I should be able to reach out to AEM for provisioning the access to those users. Can I do it leveraging web services?

Thanks

Rajesh

    This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
    Best answer by joerghoh

    I can only speak of for AEM :-)

    Technically you should be able to do it, although I am not sure if there's an "offical" REST API to do that (in that case it shouldn't be hard to write it yourself).

    But I am very hesitant to recommend it to you; because if you add for each user a dedicated ACL to individual pages, you'll end up in lots of ACLs (with a performance impact!), and the whole setup will get unmanageable from an ACL perspective. It's easy to allow certain users to view certain pages, but what do you do if you need to remove these permissions? Or review them? And in any case, are you talking about your frontend (a.k.a publish instances) or authoring? In case of publish, you should apply the ACLs to all of them.

    From an AEM product point of view, Closed User Groups is the feature you are should use. You should really try to match your usecase to it, because everything more granular is likely to cause additional effort on implementation of a solution and maintenance of ACLs and permissions.

    Jörg

    4 replies

    joerghoh
    Adobe Employee
    joerghohAdobe Employee
    Adobe Employee
    May 18, 2018

    I understand you in a way, that you have AEM pages on publish, which are secured by default, and people need to request access for these pages on a different site. Is that correct?

    In that case I would try to group your AEM pages. You should not give access on single pages, but group a bunch of pages into a "page set". Then create groups on your IDP (LDAP-Server, Active Directory, whatever), connect that to your AEM and configure AEM in a way, that in order to access pages of page set "A" the user needs to be member of a group "group-A".

    And then you don't need to change ACLs or anything else on AEM side when allowing people to access the AEM pages, but rather make them members of a group. That approach scales much better and is much more managable than granting read access to individual users.

    regards,

    Jörg

      rajeshr83174799
      rajeshr83174799Author
      May 18, 2018

      Hello Jorg,

      Thank you for your kind reply. Yes, I agree this is a solution for my requirement.

      I would like to refine it more by eliminating the dependency on IDP since my users are going to be outside the organization.

      I want to build a solution which gets user(s) information(like First Name, Last Name, Email, Phone etc.) from our portal (usually people inside the organization will upload it in bulk) and mention the pages to be accessed. Once they hit the submit button, in the back-end I should be able to make some REST call (POST method) to AEM or AE Cloud so that permissions will be given to those pages and we will send a notification to individual users with their page(s) links and credentials. I am anticipating my solution will have to use the legacy authentication instead of IDP.

      Is it possible to integrate our portal this way with AEM or AE Cloud?

      Thanks,

      Rajesh

      joerghoh
      Adobe Employee
      joerghohAdobe EmployeeAccepted solution
      Adobe Employee
      May 21, 2018

      I can only speak of for AEM :-)

      Technically you should be able to do it, although I am not sure if there's an "offical" REST API to do that (in that case it shouldn't be hard to write it yourself).

      But I am very hesitant to recommend it to you; because if you add for each user a dedicated ACL to individual pages, you'll end up in lots of ACLs (with a performance impact!), and the whole setup will get unmanageable from an ACL perspective. It's easy to allow certain users to view certain pages, but what do you do if you need to remove these permissions? Or review them? And in any case, are you talking about your frontend (a.k.a publish instances) or authoring? In case of publish, you should apply the ACLs to all of them.

      From an AEM product point of view, Closed User Groups is the feature you are should use. You should really try to match your usecase to it, because everything more granular is likely to cause additional effort on implementation of a solution and maintenance of ACLs and permissions.

      Jörg

        rajeshr83174799
        rajeshr83174799Author
        May 21, 2018

        Thank you Jorg!!

        Terms & ConditionsAccessibility statement

        Loading footer...