My requirement is, user will enter userid and this userid will be validated by 3rd party system using REST call from CQ. Now once user is validated in 3rd party system then user should be able to login to CQ. Users will never be stored in CQ.
So, for implementation purpose I am thinking about custom login module or custom authentication handler but I am confused whether I need to implement custom login module or custom authentication handler.
Kindly advice.
Best regards,
Sam
Solved! Go to Solution.
Views
Replies
Total Likes
For your use case -- a custom login module for authentication. Here is another document that may help you implement one:
http://dev.day.com/content/docs/en/cq/current/core/deploying/custom-login-modules.pdf
Views
Replies
Total Likes
Could someone please give some pointer?
Views
Replies
Total Likes
CQ masters could you please help here?
Views
Replies
Total Likes
Have you read this AEM topic that talks about custom login modules?
http://dev.day.com/docs/en/cq/5-5/core/deploying/custom-login-modules.html
Views
Replies
Total Likes
Thanks Scott, I read this but my confusion is, do I need to have custom login or custom sling authentication?
Views
Replies
Total Likes
For your use case -- a custom login module for authentication. Here is another document that may help you implement one:
http://dev.day.com/content/docs/en/cq/current/core/deploying/custom-login-modules.pdf
Views
Replies
Total Likes
As per my understanding, If I implement custom login module then user will be sync in CQ on login and hence user info will be stored into CQ.
But my requirement is, we do not want to store user info in CQ. Kindly let me know if my understanding is wrong.
Thank you for your help as always
Sam
Views
Replies
Total Likes
Hi,
I have done similar stuff using custom authentication handler, User is authenticated at remote systems using SOAP WS call. An auth handler implementation is enough for your use case.
I configured the auth handler to a specific path say /en and then posted the login form to URL - /en/login.html/j_security_check.
In extractCredentials get the user name and passed from j_username and j_password respectively and call your 3rd party system.
For creating login token and all, I created a master user node in repository which will be used for impersonation.
username - master-user
Here is the code snippet that will do the trick.
AuthenticationInfo authenticationInfo = new AuthenticationInfo("TOKEN", "master-user"); SimpleCredentials simpleCredentials = new SimpleCredentials(cqUserId, new char[0]); simpleCredentials.setAttribute(".token", ""); // Current user's id, if want to store in CRX. simpleCredentials.setAttribute("remoteUserId", remoteUserId); Session impersonatedSession = adminSession.impersonate(simpleCredentials); String token = (String)simpleCredentials.getAttribute(".token"); // Now time to create TokenCookie // create the TokenCredentials TokenCredentials tokenCredentials = new TokenCredentials(token );
authenticationInfo.put("user.jcr.credentials", tokenCredentials);
String repositoryId = this.repository
.getDescriptor(Constants.CRX_CLUSTER_ID);
if (repositoryId == null) {
repositoryId = this.repository
.getDescriptor(Constants.CRX_REPO_SYS_ID);
}
if (repositoryId == null) {
repositoryId = UUIDUtil.getRandomUUID();
}
// Update the token cookie.
TokenCookie.update(request, response, repositoryId,
tokenCredentials.getToken(), adminSession
.getWorkspace().getName(), true);
return authenticationInfo;
this is just for explaining, you should gracefully handle the admin session here.
Now a valid non null AuthenticationInfo is returned from extractCredentials method to SlingAuthenticator and the login will work.
HTH,
Thanks,
Rakesh
Views
Replies
Total Likes
Thank you Rakesh for detail explanation! Will try and let you know.
BTW, do you know about this question?
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies