Doubts on 3rd party authentication | Community
October 16, 2015
Solved


My requirement is that the user will enter a userid, and this userid will be validated by a 3rd party system using a REST call from CQ. Once the user is validated in the 3rd party system, the user should be able to log in to CQ. Users will never be stored in CQ.

So, for implementation purposes I am thinking about a custom login module or a custom authentication handler, but I am confused about whether I need to implement a custom login module or a custom authentication handler.

Kindly advise.

 Best regards,

Sam


October 16, 2015

Could someone please give some pointers?

October 16, 2015

CQ masters, could you please help here?

smacdonald2008
October 16, 2015

Have you read this AEM topic that talks about custom login modules?

http://dev.day.com/docs/en/cq/5-5/core/deploying/custom-login-modules.html

October 16, 2015

Thanks Scott, I read this but my confusion is, do I need to have custom login or custom sling authentication?

smacdonald2008 (Accepted solution)
October 16, 2015

For your use case -- a custom login module for authentication. Here is another document that may help you implement one:

http://dev.day.com/content/docs/en/cq/current/core/deploying/custom-login-modules.pdf

October 16, 2015

As per my understanding, if I implement a custom login module then the user will be synced in CQ on login and hence user info will be stored in CQ.

But my requirement is, we do not want to store user info in CQ. Kindly let me know if my understanding is wrong. 

Thank you for your help as always

 

Sam

rakesh_kumar1
October 16, 2015

Hi,

I have done similar stuff using a custom authentication handler. The user is authenticated at remote systems using a SOAP WS call. An auth handler implementation is enough for your use case.

I configured the auth handler to a specific path, say /en, and then posted the login form to the URL /en/login.html/j_security_check.

In extractCredentials, get the user name and password from j_username and j_password respectively and call your 3rd party system.

For creating the login token and all, I created a master user node in the repository which will be used for impersonation.

username - master-user

Here is the code snippet that will do the trick.

    AuthenticationInfo authenticationInfo = new AuthenticationInfo("TOKEN", "master-user");
    SimpleCredentials simpleCredentials = new SimpleCredentials(cqUserId, new char[0]);
    simpleCredentials.setAttribute(".token", "");
    // Current user's id, if want to store in CRX.
    simpleCredentials.setAttribute("remoteUserId", remoteUserId);
    Session impersonatedSession = adminSession.impersonate(simpleCredentials);
    String token = (String) simpleCredentials.getAttribute(".token");
    // Now time to create TokenCookie
    // create the TokenCredentials
    TokenCredentials tokenCredentials = new TokenCredentials(token);
    authenticationInfo.put("user.jcr.credentials", tokenCredentials);

    String repositoryId = this.repository.getDescriptor(Constants.CRX_CLUSTER_ID);
    if (repositoryId == null) {
        repositoryId = this.repository.getDescriptor(Constants.CRX_REPO_SYS_ID);
    }
    if (repositoryId == null) {
        repositoryId = UUIDUtil.getRandomUUID();
    }
    // Update the token cookie.
    TokenCookie.update(request, response, repositoryId,
            tokenCredentials.getToken(), adminSession.getWorkspace().getName(), true);

    return authenticationInfo;

 

This is just for explaining; you should gracefully handle the admin session here.

 

Now a valid non-null AuthenticationInfo is returned from the extractCredentials method to SlingAuthenticator and the login will work.

HTH,

Thanks,

Rakesh
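
The first half of the flow described in the post above, as an added example that is not part of the thread: extractCredentials acts only on the j_security_check form POST, asks the 3rd party system, and fails closed when that system rejects the user or cannot be reached. RemoteAuthHandler, RemoteValidator and createTokenInfo are hypothetical names; AuthenticationHandler and AuthenticationInfo are the Sling types from org.apache.sling.auth.core.spi.

```java
// Added example, not code from the thread. RemoteValidator and createTokenInfo
// are hypothetical names; only the Sling SPI and servlet types are real.
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;

public abstract class RemoteAuthHandler implements AuthenticationHandler {
    /** Hypothetical client for the 3rd party system; throws on timeout or transport error. */
    public interface RemoteValidator {
        boolean isValid(String userId, char[] password) throws Exception;
    }
    private final RemoteValidator validator;

    protected RemoteAuthHandler(RemoteValidator validator) {
        this.validator = validator;
    }

    /** Hypothetical hook for the token step (the impersonation snippet in the post above). */
    protected abstract AuthenticationInfo createTokenInfo(HttpServletRequest request,
            HttpServletResponse response, String remoteUserId) throws Exception;

    @Override
    public AuthenticationInfo extractCredentials(HttpServletRequest request,
                                                 HttpServletResponse response) {
        // Act only on the login form POST; null lets other handlers see the request.
        if (!"POST".equals(request.getMethod())
                || !request.getRequestURI().endsWith("/j_security_check")) {
            return null;
        }
        String userId = request.getParameter("j_username");
        String password = request.getParameter("j_password");
        if (userId == null || userId.isEmpty() || password == null) {
            return AuthenticationInfo.FAIL_AUTH;
        }
        char[] secret = password.toCharArray();
        try {
            // The posted name is never trusted on its own: the remote answer decides.
            return validator.isValid(userId, secret)
                    ? createTokenInfo(request, response, userId)
                    : AuthenticationInfo.FAIL_AUTH;
        } catch (Exception e) {
            // Fail closed: an unreachable or erroring remote system is a failed login.
            return AuthenticationInfo.FAIL_AUTH;
        } finally {
            java.util.Arrays.fill(secret, '\0'); // do not keep the password in memory
        }
    }
}
```

requestCredentials and dropCredentials are left to the concrete subclass, which also supplies the token step.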

October 16, 2015

Thank you Rakesh for the detailed explanation! Will try and let you know.

BTW, do you know about this question?