By pass AEM login screen | Community
Skip to main content
H
hari_krishna_si
October 16, 2015
Solved

By pass AEM login screen

  • October 16, 2015
  • 5 replies
  • 2413 views

Hi,

I am doing a POC where I want to bypass the Aem login screen. I have deployed AEM 6.0 on tomcat and configured  in house authentication (Kerberos ) in tomcat. When I start the tomcat and access the application, it shown the in house login screen. Once the authentication is successful, it is showing AEM login screen. As per my requirement I don't want to show AEM login screen and user should see welcome screen when the login is suucessful from in house login screen. Do I need to create any custom logic to by pass the AEM login screen?

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by gopalKa

The kerberos token needs to be validated and then only the user would be allowed. you can use http://jackrabbit.apache.org/oak/docs/security/authentication/externalloginmodule.html and create an externalloginmodule for this. Then you can also try to leverage http://docs.oracle.com/javase/7/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html for this. After authentication of the kerberos token, the user can be syncd to the system also.

5 replies

G
Adobe Employee
gopalKaAdobe EmployeeAccepted solution
Adobe Employee
October 16, 2015

The kerberos token needs to be validated and then only the user would be allowed. you can use http://jackrabbit.apache.org/oak/docs/security/authentication/externalloginmodule.html and create an externalloginmodule for this. Then you can also try to leverage http://docs.oracle.com/javase/7/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html for this. After authentication of the kerberos token, the user can be syncd to the system also.

hari_krishna_s1
hari_krishna_s1
Level 2
October 16, 2015

Hi Kalyan,

As per my understanding need to create a custom class which implements externalidentityprovider and override the authenticate method and this identify provider should be configured in apache Jackrabbit Oak external login module right?

Do you have any sample logic?

Lokesh_Shivalingaiah
Lokesh_Shivalingaiah
Level 10
October 16, 2015

Yes! thats correct..

will post you some sample logic if I get any or I will try to do it myself

hari_krishna_s1
hari_krishna_s1
Level 2
October 16, 2015

Than you. I am planning to create an user (userid which can be validated by kerberos authentication system) with dummy password in AEM. And then  i will login with that userid and kerberos password from kerberos(in house system) login form. Once credentials are validated successfully and creates kerberos token and passes the control to AEM. If we write a custom identity provider which implements externalidentityprovider , then control will come to the custom identity provider authenticate() method? Custom identity provider should execute the logic and should display AEM welcome screen without the AEM login form. As the user is already part of the system with dummy password, can see the icons for which he is authorized in welcome screen. kerberos password is for initial login.

 @Override
    public ExternalUser authenticate(Credentials credentials)  {
   // what should we return here?
    }

G
Adobe Employee
gopalKaAdobe Employee
Adobe Employee
October 16, 2015

 http://jackrabbit.apache.org/oak/docs/security/authentication/ldap.html This link talks about how LDAP is plugged in. They have written an LDAPIdentityProvider http://grepcode.com/file/repo1.maven.org/maven2/org.apache.jackrabbit/oak-auth-ldap/0.17.1/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java and plugged it in AEM using the ExternalLoginModule. Does this help?

Terms & ConditionsAccessibility statement

Loading footer...