Expand my Community achievements bar.

SOLVED

Configure dispatcher for permission-sensitive caching - Using an external service

Avatar

Level 3

Hi,

I followed the documentation on https://docs.adobe.com/docs/en/dispatcher/permissions-cache.html to configure the auth_checker to check the permissions. When I check the dispatcher log I see that the authentication checker is used, but the url is always called on the publish instance. Is it possible to use an external service to validate the permissions?

I want to use an external service, because AEM doesn't contain the users session information.

Kind regards

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi Steven,

 

OOTB functionality does not allow you to point to a custom authentication endpoint. As far as I know.

Ideally, you should handle authentication in publisher boxes. Example impl [1]

This surely, depends on load you are expecting on your servers. Given too big load it would be highly complicated to validate all requests on publishers.

For this use case, you would put a proxy server in between(Publish - Proxy - Dispatcher). Proxy would intercept authentication path requests and forward them to the desired authentication endpoint, which would in return validate user/path and return desired (success|fail) opcode back to the dispatcher.

 

[1] https://helpx.adobe.com/experience-manager/kb/PSCachingDelivery.html

Thanks,

Peter

View solution in original post

1 Reply

Avatar

Correct answer by
Community Advisor

Hi Steven,

 

OOTB functionality does not allow you to point to a custom authentication endpoint. As far as I know.

Ideally, you should handle authentication in publisher boxes. Example impl [1]

This surely, depends on load you are expecting on your servers. Given too big load it would be highly complicated to validate all requests on publishers.

For this use case, you would put a proxy server in between(Publish - Proxy - Dispatcher). Proxy would intercept authentication path requests and forward them to the desired authentication endpoint, which would in return validate user/path and return desired (success|fail) opcode back to the dispatcher.

 

[1] https://helpx.adobe.com/experience-manager/kb/PSCachingDelivery.html

Thanks,

Peter