
Custom Authentication now working in migrated instance.


Hi All,

   We are migrating from CQ 5.6 to AEM 6.2 and in this process we had to upgrade our publish External login module which was
   developed over CRXLoginModule, TokenBasedAuthentication, Jaas Config file and a custom class to sync the profiles.
   Now we have developed a custom Authentication Handler which handles the credentials and returns AuthenticationInfo.
   We developed a Custom Identity Provider which talks to an external App server over REST API and receives the XML response.
   We have configured External Login Module and Sync Handler. When we tested this on a fresh install of a publish instance using
   the Geometrixx site it was working fine. Users are getting authenticated by the external system, and groups received in the XML response
   are getting synched.
   But when we deployed these 2 OSGi bundles (Custom Authentication Handler and REST Identity Provider) in our migrated instance and
   configured External login module and sync handler, it is behaving differently. From the login form, control is being sent to the
   extractCredentials method of the Custom Authentication Handler and immediately going to the authenticationSucceeded method.
   It is not calling the login method of External Login Module and hence the request is not going to the Custom Identity Provider.
   What could be the reason for not calling External Login module? I'm using the default "jackrabbit.oak" as realm name and
   could see the below login modules:

 

Registered LoginModules
Realm    Rank    Control Flag    Type    Classname
jackrabbit.oak    
    2000    SUFFICIENT    Service    com.adobe.cq.screens.sessions.impl.auth.ScreensLoginModuleFactory(3065)
    1000    SUFFICIENT    Service    com.adobe.cq.dam.s7imaging.impl.auth.MemoryTokenServiceImpl(3990)
    300    OPTIONAL    Configuration    org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule(Details)
    200    SUFFICIENT    Configuration    org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule(Details)
    100    SUFFICIENT    Configuration    org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl(Details)
    50    REQUIRED    Service    org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory(4831)

 

   Do I need to create a custom External Login Module, or can I use the OOB External Login module? In the migrated instance CUG is enabled
   and I am not sure what additional settings/configurations are required in the migrated instance to force the authentication handler to pass
   the AuthenticationInfo object to External Login module so that this will call the integrated Custom Identity Provider.

Thanks & Regards

  Suresh

0 Replies
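
How JAAS walks the login module list shown in the post, as an added example that is not part of the original post or Adobe's code: modules run in descending rank, and a successful SUFFICIENT module ends the login phase before lower-ranked modules are called. Which module accepts the credentials is an assumption passed to the hypothetical `invoked` helper, and only the login phase is modelled.

```java
import java.util.*;

// Added illustration (Java 16+): simulates the JAAS login phase over the module
// list from the post. Which module succeeds is an assumption supplied by the caller.
public class JaasOrderDemo {
    enum Flag { REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL }
    record Module(int rank, Flag flag, String name) {}

    // Rank and control flag as listed in the post's console output (short class names).
    static final List<Module> REALM = List.of(
        new Module(2000, Flag.SUFFICIENT, "ScreensLoginModuleFactory"),
        new Module(1000, Flag.SUFFICIENT, "MemoryTokenServiceImpl"),
        new Module(300,  Flag.OPTIONAL,   "GuestLoginModule"),
        new Module(200,  Flag.SUFFICIENT, "TokenLoginModule"),
        new Module(100,  Flag.SUFFICIENT, "LoginModuleImpl"),
        new Module(50,   Flag.REQUIRED,   "ExternalLoginModuleFactory"));

    // Returns the modules whose login() gets invoked, highest rank first.
    static List<String> invoked(Set<String> succeeding) {
        List<Module> ordered = new ArrayList<>(REALM);
        ordered.sort(Comparator.comparingInt(Module::rank).reversed());
        List<String> called = new ArrayList<>();
        boolean requiredFailed = false;
        for (Module m : ordered) {
            called.add(m.name());
            boolean ok = succeeding.contains(m.name());
            // A failing REQUISITE module aborts the walk immediately.
            if (!ok && m.flag() == Flag.REQUISITE) break;
            // A failing REQUIRED module is remembered; the walk continues.
            if (!ok && m.flag() == Flag.REQUIRED) requiredFailed = true;
            // A succeeding SUFFICIENT module ends the walk unless a REQUIRED one failed earlier.
            if (ok && m.flag() == Flag.SUFFICIENT && !requiredFailed) break;
        }
        return called;
    }

    public static void main(String[] args) {
        // Assumption: the local user store (rank 100) accepts the credentials.
        System.out.println(invoked(Set.of("LoginModuleImpl")));
        // Assumption: no higher-ranked module accepts the credentials.
        System.out.println(invoked(Set.of("ExternalLoginModuleFactory")));
    }
}
```

Comparing the first printed list with the second shows whether the rank 50 REQUIRED entry is reached at all under each assumption.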