SOLVED

Bypass AEM login screen

hari_krishna_si
Level 1

Hi,

I am doing a POC where I want to bypass the AEM login screen. I have deployed AEM 6.0 on Tomcat and configured in-house authentication (Kerberos) in Tomcat. When I start Tomcat and access the application, it shows the in-house login screen. Once the authentication is successful, it shows the AEM login screen. As per my requirement, I don't want to show the AEM login screen, and the user should see the welcome screen when the login is successful from the in-house login screen. Do I need to create any custom logic to bypass the AEM login screen?

1 Accepted Solution
kalyanar
Correct answer by
Employee

The Kerberos token needs to be validated, and only then would the user be allowed. You can use http://jackrabbit.apache.org/oak/docs/security/authentication/externalloginmodule.html and create an externalloginmodule for this. Then you can also try to leverage http://docs.oracle.com/javase/7/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/Krb5Log... for this. After authentication of the Kerberos token, the user can also be synced to the system.


5 Replies
hari_krishna_s1
Level 2

Hi Kalyan,

As per my understanding, I need to create a custom class which implements externalidentityprovider and overrides the authenticate method, and this identity provider should be configured in the Apache Jackrabbit Oak external login module, right?

Do you have any sample logic?

Lokesh_Shivalingaiah
Community Advisor

Yes! That's correct.

I will post some sample logic for you if I get any, or I will try to do it myself.

hari_krishna_s1
Level 2

Thank you. I am planning to create a user (a userid which can be validated by the Kerberos authentication system) with a dummy password in AEM. Then I will log in with that userid and Kerberos password from the Kerberos (in-house system) login form. Once the credentials are validated successfully, it creates a Kerberos token and passes control to AEM. If we write a custom identity provider which implements externalidentityprovider, will control then come to the custom identity provider's authenticate() method? The custom identity provider should execute the logic and display the AEM welcome screen without the AEM login form. As the user is already part of the system with a dummy password, he can see the icons for which he is authorized in the welcome screen. The Kerberos password is for initial login.

    @Override
    public ExternalUser authenticate(Credentials credentials) {
        // what should we return here?
    }

kalyanar
Employee

http://jackrabbit.apache.org/oak/docs/security/authentication/ldap.html This link talks about how LDAP is plugged in. They have written an LDAPIdentityProvider http://grepcode.com/file/repo1.maven.org/maven2/org.apache.jackrabbit/oak-auth-ldap/0.17.1/org/apach... and plugged it into AEM using the ExternalLoginModule. Does this help?
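
The token validation that the accepted answer requires, as an added example (not code from this thread, Oak or AEM): a JDK-only JGSS check that a custom identity provider's authenticate() could call before it returns any user, so that a user name alone is never trusted. The class name KerberosTicketValidator and the sample bytes are assumptions, and the JVM is assumed to have the service's Kerberos credentials available (for example from a Krb5LoginModule login).

```java
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;

/** Hypothetical helper: validates a Kerberos service ticket and fails closed. */
public final class KerberosTicketValidator {
    // Kerberos V5 GSS-API mechanism OID.
    private static final String KRB5_OID = "1.2.840.113554.1.2.2";

    /**
     * Returns the authenticated client principal (user@REALM), or null when the
     * token is rejected. The caller maps a non-null result to its external user
     * and must deny the login on null.
     */
    public static String validate(byte[] token) {
        if (token == null || token.length == 0) {
            return null;
        }
        GSSContext ctx = null;
        try {
            GSSManager manager = GSSManager.getInstance();
            // Acceptor-side credential: the service's own key, never the user's.
            GSSCredential serviceCred = manager.createCredential(
                    null, GSSCredential.INDEFINITE_LIFETIME,
                    new Oid(KRB5_OID), GSSCredential.ACCEPT_ONLY);
            ctx = manager.createContext(serviceCred);
            ctx.acceptSecContext(token, 0, token.length);
            // Only an established context proves the ticket decrypted and verified.
            return ctx.isEstablished() ? ctx.getSrcName().toString() : null;
        } catch (GSSException e) {
            return null; // malformed, expired or forged token: deny
        } finally {
            if (ctx != null) {
                try { ctx.dispose(); } catch (GSSException ignored) { }
            }
        }
    }

    public static void main(String[] args) {
        byte[] constructed = {0x60, 0x03, 0x01, 0x02, 0x03}; // constructed bytes, not a real ticket
        System.out.println(validate(constructed) != null ? "accepted" : "rejected");
    }
}
```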