Hi,
I am doing a POC where I want to bypass the AEM login screen. I have deployed AEM 6.0 on Tomcat and configured in-house authentication (Kerberos) in Tomcat. When I start Tomcat and access the application, it shows the in-house login screen. Once the authentication is successful, it shows the AEM login screen. As per my requirement, I don't want to show the AEM login screen, and the user should see the welcome screen when the login is successful from the in-house login screen. Do I need to create any custom logic to bypass the AEM login screen?
The Kerberos token needs to be validated, and only then would the user be allowed. You can use http://jackrabbit.apache.org/oak/docs/security/authentication/externalloginmodule.html and create an ExternalLoginModule for this. Then you can also try to leverage http://docs.oracle.com/javase/7/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/Krb5Log... for this. After authentication of the Kerberos token, the user can also be synced to the system.
Hi Kalyan,
As per my understanding, I need to create a custom class which implements ExternalIdentityProvider and overrides the authenticate method, and this identity provider should be configured in the Apache Jackrabbit Oak external login module, right?
Do you have any sample logic?
Yes! That's correct.
I will post some sample logic if I get any, or I will try to do it myself.
Thank you. I am planning to create a user (a user ID which can be validated by the Kerberos authentication system) with a dummy password in AEM. Then I will log in with that user ID and the Kerberos password from the Kerberos (in-house system) login form. Once the credentials are validated successfully, it creates a Kerberos token and passes control to AEM. If we write a custom identity provider which implements ExternalIdentityProvider, will control then come to the custom identity provider's authenticate() method? The custom identity provider should execute the logic and display the AEM welcome screen without the AEM login form. As the user is already part of the system with a dummy password, he can see the icons for which he is authorized on the welcome screen. The Kerberos password is for the initial login.
    @Override
    public ExternalUser authenticate(Credentials credentials) {
        // what should we return here?
    }
http://jackrabbit.apache.org/oak/docs/security/authentication/ldap.html This link talks about how LDAP is plugged in. They have written an LDAPIdentityProvider http://grepcode.com/file/repo1.maven.org/maven2/org.apache.jackrabbit/oak-auth-ldap/0.17.1/org/apach... and plugged it in AEM using the ExternalLoginModule. Does this help?
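The authenticate() contract asked about above, as an added example that is not code from the thread or from the Oak project: the Kerberos token is validated with GSS-API and the user ID is taken from the validated ticket, never from a caller-supplied name. Assumptions: the token arrives as a byte[] attribute named krb.token on SimpleCredentials, the provider is named kerberos-idp, and the JVM has acceptor (keytab) credentials configured; all three are hypothetical, and the user and group lookup methods are left to a concrete subclass.

```java
import java.util.Collections;
import java.util.Map;
import javax.jcr.Credentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.ietf.jgss.*;

public abstract class KerberosIdentityProvider implements ExternalIdentityProvider {
    static final String NAME = "kerberos-idp";     // hypothetical provider name
    static final String TOKEN_ATTR = "krb.token";  // hypothetical attribute holding byte[]

    @Override
    public String getName() { return NAME; }

    @Override
    public ExternalUser authenticate(Credentials credentials) throws LoginException {
        Object raw = credentials instanceof SimpleCredentials
                ? ((SimpleCredentials) credentials).getAttribute(TOKEN_ATTR) : null;
        if (!(raw instanceof byte[])) {
            return null; // no Kerberos token: not ours, let other login modules decide
        }
        byte[] token = (byte[]) raw;
        final String principal;
        try {
            // Acceptor credentials come from the JVM's JAAS/keytab setup (assumed).
            GSSContext ctx = GSSManager.getInstance().createContext((GSSCredential) null);
            ctx.acceptSecContext(token, 0, token.length);
            if (!ctx.isEstablished()) {
                throw new LoginException("Kerberos context not established");
            }
            principal = ctx.getSrcName().toString(); // identity proven by the ticket
            ctx.dispose();
        } catch (GSSException e) {
            throw new LoginException("Kerberos token rejected: " + e.getMessage());
        }
        // Realm is stripped here; verify it first when more than one realm is trusted.
        final String userId = principal.split("@", 2)[0];
        return new ExternalUser() {
            public ExternalIdentityRef getExternalId() { return new ExternalIdentityRef(userId, NAME); }
            public String getId() { return userId; }
            public String getPrincipalName() { return principal; }
            public String getIntermediatePath() { return null; }
            public Iterable<ExternalIdentityRef> getDeclaredGroups() { return Collections.<ExternalIdentityRef>emptyList(); }
            public Map<String, ?> getProperties() { return Collections.<String, Object>emptyMap(); }
        };
    }
}
```

Returning null tells the ExternalLoginModule that this provider does not know the user, while a LoginException marks a failed authentication, so an invalid or replayed token is rejected rather than falling through to another login module.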