Expand my Community achievements bar.

SOLVED

Configure dispatcher for permission-sensitive caching - Using an external service

Avatar

Level 3
Level 3
1/19/16 5:17:57 AM

Hi,

I followed the documentation on https://docs.adobe.com/docs/en/dispatcher/permissions-cache.html to configure the auth_checker to check the permissions. When I check the dispatcher log I see that the authentication checker is used, but the url is always called on the publish instance. Is it possible to use an external service to validate the permissions?

I want to use an external service, because AEM doesn't contain the users session information.

Kind regards

Views

914

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
1/19/16 6:16:34 AM

Hi Steven,

 

OOTB functionality does not allow you to point to a custom authentication endpoint. As far as I know.

Ideally, you should handle authentication in publisher boxes. Example impl [1]

This surely, depends on load you are expecting on your servers. Given too big load it would be highly complicated to validate all requests on publishers.

For this use case, you would put a proxy server in between(Publish - Proxy - Dispatcher). Proxy would intercept authentication path requests and forward them to the desired authentication endpoint, which would in return validate user/path and return desired (success|fail) opcode back to the dispatcher.

 

[1] https://helpx.adobe.com/experience-manager/kb/PSCachingDelivery.html

Thanks,

Peter

View solution in original post

Views

657

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
1 Reply

Avatar

Correct answer by
Community Advisor
Community Advisor
1/19/16 6:16:34 AM

Hi Steven,

 

OOTB functionality does not allow you to point to a custom authentication endpoint. As far as I know.

Ideally, you should handle authentication in publisher boxes. Example impl [1]

This surely, depends on load you are expecting on your servers. Given too big load it would be highly complicated to validate all requests on publishers.

For this use case, you would put a proxy server in between(Publish - Proxy - Dispatcher). Proxy would intercept authentication path requests and forward them to the desired authentication endpoint, which would in return validate user/path and return desired (success|fail) opcode back to the dispatcher.

 

[1] https://helpx.adobe.com/experience-manager/kb/PSCachingDelivery.html

Thanks,

Peter

Views

658

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply