Expand my Community achievements bar.

Enhance your AEM Assets & Boost Your Development: [AEM Gems | June 19, 2024] Improving the Developer Experience with New APIs and Events

Closed User Groups (CUG) for 1 million users on AEM

Avatar

Level 7

I heard that on the AEMaaCS they disabled Adobe Granite SAML 2.0 Authentication Handler , which creates a new user node on the AEM publishers. from there, the Adobe Granite SAML 2.0 Authentication Handler  would tag that user with the the correct user-group, and finally, that authenticated SSO user now can view Closed User Groups (CUG)  content.

Is this true?

Well, next question is We have a requirement here where customers would log into our AEM dispatcher website, and then allow them to read Closed User Group content.; view assets from the DAM. What is the best way for doing this?

The users registered to view CUG content are completely random guests for example, @gmail,com @outlook.com, @company.com, @subscribed users.

AEMaaCS disabled Adobe Granite SAML 2.0 Authentication Handler because they don't want to overload servers or what? What is the best way t achieve this?

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

4 Replies

Avatar

Level 9

Hi @AEMWizard ,

Yes, it is true that Adobe has disabled the Adobe Granite SAML 2.0 Authentication Handler in AEM as a Cloud Service (AEMaaCS) because it creates a new user node on the AEM publishers, which can cause scalability and performance issues when dealing with a large number of users.

To allow customers to read Closed User Group (CUG) content and view assets from the DAM, you can use the AEMaaCS-supported authentication mechanisms, such as Adobe I/O Runtime or Adobe Experience Platform Identity Service. These authentication mechanisms allow you to authenticate users and assign them to specific user groups, which can be used to control access to CUG content and assets.

For example, you can use Adobe I/O Runtime to authenticate users using OAuth 2.0 or JSON Web Tokens (JWT), and then use the AEMaaCS APIs to assign the authenticated users to specific user groups. You can then use the CUG feature in AEM to restrict access to content and assets based on the assigned user groups.

To handle a large number of users, you can use a scalable and distributed architecture, such as a serverless architecture using Adobe I/O Runtime or a microservices architecture using Adobe Experience Platform. These architectures can help you handle a large number of users and provide high scalability and performance.

It's important to note that the specific details and options for implementing CUG in AEMaaCS may vary depending on your specific AEMaaCS subscription and agreement with Adobe. It is recommended to consult with Adobe or your Adobe partner for more information and assistance with implementing CUG in your AEMaaCS environment.

Avatar

Employee Advisor

Can you please point me to the documentation which says that SAML 2.0 authentication on publish is not available on AEM CS?

(I know a number of cases, where this is working.)

Avatar

Level 7

I'm not sure here, but I need some help. Please, what is the best way to handle 

1 million users on AEM, which these users are just people who wants to read news, maybe update their email and profile name. The content would rather be secured with CUG. We are planning to use CUG cache to increase performance of secured pages. 

We do not want to overload AEM with these random users, so whats the best practice.

@Jörg_Hoh 

Avatar

Administrator

@AEMWizard Did you find the suggestion helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!



Kautuk Sahni