SOLVED

AEMaaCS - Publish - End-users Login & Sessions

Level 3

Hi all,

For a large customer, we're evaluating a scenario using AEMaaCS for the authenticated area of a portal: end users (>50000 users) need to log in to the publish tier and consume content and backend services, secured through JWT. I'm aware of the many customizations one can set up with AEM, but also that the CS version has its own peculiarities (https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/sites/authoring/per...), so can someone suggest:

1) What's the best strategy? SAML, OAuth or OIDC (I remember the last one was a community integration, not Enterprise ready)?

2) From the implementation side, is it better to rely on HTTPSession or JCRSession (on publish - I remember that the Publish Tier was stateless)?

3) Any other suggestions to deal with this challenge in a winning way are welcome.

Thanks in advance, regards

1 Accepted Solution

Correct answer by
Level 3

Hello @kautuk_sahni !!! You're welcome!!! As a general consideration, we can only say that the infinite extensibility of AEM allows the identification of differentiated solutions depending on the use case and the requirement. In my case, the small number of Publish users (less than 5000) and the few interactions they'll be allowed to have with the site in the Private Area (subscribe to page alerts, save bookmarks, and personal information - no more user-generated content) allowed us to leverage the OOTB capabilities of AEM, features offered by the platform's native Sling Authentication Framework with a custom implementation. We implemented all the registering/authentication/data management flows on our own; we also implemented a crypto AES-based utility in order to cipher data at rest and decipher it to visualize it on the web pages, ensuring full compliance with GDPR. The solution was the best fit for our needs. I suggest that anyone who has to deal with this challenge start from the official documentation: https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/sites/authoring/per...

5 Replies

Administrator

@aanchal-sikka @Avdhesh-Pandey @VictorToledo @sherinregi @Hafizur-Rahman @Hemant_arora @RobertHarperFS Can you please review this unanswered question? Appreciate your thoughts on this.



Kautuk Sahni

Administrator

@mirkomanga can you share the solution with the community for posterity?



Kautuk Sahni

Administrator

@mirkomanga appreciate you sharing this with the broader AEM community. Good to have great SMEs like you here. 



Kautuk Sahni