SOLVED

Doubts on 3rd party authentication

Level 6

My requirement is: the user will enter a userid, and this userid will be validated by a 3rd party system using a REST call from CQ. Once the user is validated in the 3rd party system, the user should be able to log in to CQ. Users will never be stored in CQ.

So, for implementation purposes, I am thinking about a custom login module or a custom authentication handler, but I am confused about whether I need to implement a custom login module or a custom authentication handler.

Kindly advise.

 Best regards,

Sam

1 Accepted Solution

Correct answer by
Level 10

For your use case -- a custom login module for authentication. Here is another document that may help you implement one:

http://dev.day.com/content/docs/en/cq/current/core/deploying/custom-login-modules.pdf

8 Replies

Level 6

Could someone please give some pointers?

Level 6

CQ masters, could you please help here?

Level 6

Thanks Scott, I read this but my confusion is, do I need to have custom login or custom sling authentication?

Level 6

As per my understanding, if I implement a custom login module then the user will be synced into CQ on login, and hence user info will be stored in CQ.

But my requirement is that we do not want to store user info in CQ. Kindly let me know if my understanding is wrong.

Thank you for your help, as always.

 

Sam

Level 2

Hi,

I have done similar stuff using a custom authentication handler. The user is authenticated at remote systems using a SOAP WS call. An auth handler implementation is enough for your use case.

I configured the auth handler for a specific path, say /en, and then posted the login form to the URL /en/login.html/j_security_check.

In extractCredentials, get the user name and password from j_username and j_password respectively and call your 3rd party system.

For creating the login token and all, I created a master user node in the repository which will be used for impersonation.

username - master-user

Here is the code snippet that will do the trick.

AuthenticationInfo authenticationInfo = new AuthenticationInfo("TOKEN", "master-user");
SimpleCredentials simpleCredentials = new SimpleCredentials(cqUserId, new char[0]);
// Empty ".token" attribute: the repository writes the new login token back into it.
simpleCredentials.setAttribute(".token", "");
// Current user's id, if you want to store it in CRX.
simpleCredentials.setAttribute("remoteUserId", remoteUserId);
Session impersonatedSession = adminSession.impersonate(simpleCredentials);
String token = (String) simpleCredentials.getAttribute(".token");

// Now time to create the TokenCookie.
// Create the TokenCredentials.
TokenCredentials tokenCredentials = new TokenCredentials(token);
authenticationInfo.put("user.jcr.credentials", tokenCredentials);

// Use the cluster id, else the repository system id, else a random UUID.
String repositoryId = this.repository.getDescriptor(Constants.CRX_CLUSTER_ID);
if (repositoryId == null) {
    repositoryId = this.repository.getDescriptor(Constants.CRX_REPO_SYS_ID);
}
if (repositoryId == null) {
    repositoryId = UUIDUtil.getRandomUUID();
}
// Update the token cookie.
TokenCookie.update(request, response, repositoryId,
        tokenCredentials.getToken(), adminSession.getWorkspace().getName(), true);

return authenticationInfo;

 

This is just for explaining; you should gracefully handle the admin session here.

 

Now a valid non-null AuthenticationInfo is returned from the extractCredentials method to SlingAuthenticator and the login will work.

HTH,

Thanks,

Rakesh
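Added example, not part of the post above and not CQ or Sling code: one way to write the "call your 3rd party system" step so that it fails closed, meaning the impersonation token is only minted when this check returns true. The class name, the form-encoded request, the user id pattern and the endpoint URL are assumptions for illustration.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.util.regex.Pattern;

/** Hypothetical helper: fail-closed check of a user id against a remote system. */
public class RemoteUserValidator {
    // Assumption: remote user ids are short and limited to this alphabet.
    private static final Pattern USER_ID = Pattern.compile("[A-Za-z0-9._@-]{1,64}");
    private final URL endpoint;
    public RemoteUserValidator(String endpoint) throws IOException {
        this.endpoint = new URL(endpoint);
        if (!"https".equals(this.endpoint.getProtocol()))
            throw new IOException("validation endpoint must use https");
    }
    /** Returns true only when the remote system answers HTTP 200. */
    public boolean isValid(String userId, char[] password) {
        if (userId == null || password == null || !USER_ID.matcher(userId).matches()) {
            return false; // reject malformed input before any network traffic
        }
        HttpURLConnection conn = null;
        try {
            conn = (HttpURLConnection) endpoint.openConnection();
            conn.setConnectTimeout(3000);
            conn.setReadTimeout(5000);
            conn.setInstanceFollowRedirects(false); // a redirect is not a success
            conn.setRequestMethod("POST");
            conn.setDoOutput(true);
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            String body = "user=" + URLEncoder.encode(userId, "UTF-8")
                    + "&password=" + URLEncoder.encode(new String(password), "UTF-8");
            OutputStream out = conn.getOutputStream();
            try { out.write(body.getBytes("UTF-8")); } finally { out.close(); }
            return conn.getResponseCode() == HttpURLConnection.HTTP_OK;
        } catch (IOException e) {
            return false; // timeout, TLS failure or I/O error: treat as not authenticated
        } finally {
            if (conn != null) conn.disconnect();
        }
    }
    public static void main(String[] args) throws IOException {
        // Constructed endpoint: .invalid never resolves, so this runs offline.
        RemoteUserValidator v = new RemoteUserValidator("https://idp.example.invalid/validate");
        System.out.println(v.isValid("sam\r\nX-Injected: 1", new char[0])); // malformed id
        System.out.println(v.isValid("sam", "secret".toCharArray()));      // unreachable host
    }
}
```

In an auth handler, extractCredentials would call isValid first and go on to the master-user impersonation only on true; any other outcome should not produce a token.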

Level 6

Thank you Rakesh for the detailed explanation! Will try and let you know.

BTW, do you know about this question?