Adobe Experience Manager Sites & More

bishnu_satpathy_tcs · 6/20/25

Hi Team

We are looking for a solution to have our lower environments' Public URLs(via Dispatchers) to be brought under authentication.

We have enabled basic authentication for the lower environment via dispatcher, however we are implementing the steps manually for each environment. Since following are the constraints.

1. Each lower environment has a different username and password.

2. Also not able checkin to the dispatcher repository as the credentials are different and should not be enabled on the Production environment.

It would be of great help, if i get a little assistance on this requirement.

Regards

Bishnu

narendiran_ravi · 6/20/25

Hi @bishnu_satpathy_tcs ,

For AEM as a Cloud Service, refer to the following guide on enabling basic authentication through the CDN:
Basic Authentication in AEMaaCS CDN

For earlier versions of AEM (on-premise or AMS), refer to this article:
How to Enable Basic Authentication for AEM and Cloud Manager

SantoshSai · 6/22/25

Hi @bishnu_satpathy_tcs,

Based on my experience with AEM Dispatcher setups and environment-specific authentication, here’s how you can approach this requirement efficiently:

I would recommend:

1. Environment-Specific Configuration Files

Keep your Dispatcher configuration modular by splitting authentication-related settings into environment-specific files, e.g.:
- dispatcher_auth_lower1.conf
- dispatcher_auth_lower2.conf
Your main dispatcher config can include these files conditionally during deployment or startup based on the environment.

2. Use Environment Variables or Deployment Automation

When deploying to each environment, inject the correct Basic Auth username and password via deployment scripts or CI/CD pipelines (e.g., Ansible, Jenkins).
The pipeline replaces or updates the environment-specific dispatcher config file with the right credentials without checking secrets into version control.

3. Avoid Checking Credentials into Source Control

Store the credentials securely in your organization’s secret management system or vault (HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, etc.).
Fetch credentials dynamically during deployment rather than hardcoding.

4. Dispatcher Basic Auth Setup Example

In your environment-specific dispatcher config (dispatcher_auth_lower1.conf), you can have something like:

<Location />
    AuthType Basic
    AuthName "Restricted Area"
    AuthUserFile /path/to/env1/.htpasswd
    Require valid-user
</Location>

The .htpasswd file contains the username/password hashes for that environment only.

5. Keep Production Free From Auth

Simply do not include any Basic Auth config or .htpasswd for production dispatcher config.
This keeps production public and unaffected.

Santosh Sai

bishnu_satpathy_tcs · 6/23/25

thanks Sathosh.

can I get a little help in executing the script through CI/CD. We are using adobe cloud manager.

kautuk_sahni · 7/2/25

@bishnu_satpathy_tcs Just checking in — were you able to resolve your issue?
We’d love to hear how things worked out. If the suggestions above helped, marking a response as correct can guide others with similar questions. And if you found another solution, feel free to share it — your insights could really benefit the community. Thanks again for being part of the conversation!

Adobe Experience Manager Sites & More

Enabling Basic Authentication on AEM Publish for a Public URL for Lower Environments

1. Environment-Specific Configuration Files

2. Use Environment Variables or Deployment Automation

3. Avoid Checking Credentials into Source Control

4. Dispatcher Basic Auth Setup Example

5. Keep Production Free From Auth

Santosh Sai

Kautuk Sahni

Learn

Documentation

Events

Community

Support

Resources

Adobe account

Adobe