Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
SOLVED

LDAP for Publish Instances

Avatar

Level 2

Hello, 

I've read the following documentation:

http://dev.day.com/docs/en/crx/current/administering/ldap_authentication.html#Configuring

http://helpx.adobe.com/cq/kb/LdapConfig.html

But they seem to only pertain to Author instances. I'm looking to use SSO and ActiveDirectory for users to log into an extranet site on CQ and be able to move freely between 3 different "sites" without having to log in again....what is needed to make this happen on a publish instance? Can I do the same configurations and then use CQ's OOTB login functionality, or am I going to have to write my own custom login module? 

1 Accepted Solution

Avatar

Correct answer by
Level 5

You can use LDAP on publish same way you are using in author. If you are planning to use SSO then based on SSO product you are using (for example siteminder etc) you can configure your publish instance accordingly. You can also use SAML2.0 authentication (CQ5.6 onward) to authenticate against multiple systems across your org. Based on requirement you have, you might have to extend authentication handler and authentication module. Here is information about all of this,

1) SSO -- http://dev.day.com/docs/en/cq/current/deploying/single_sign_on.html

2) SSO with LDAP -- http://dev.day.com/docs/en/crx/current/administering/ldap_authentication.html#LDAP with Single Sign On

3) SMAL2.0 -- http://helpx.adobe.com/cq/kb/saml-demo.html OR http://dev.day.com/content/docs/en/cq/current/core/administering/saml-2-0-authenticationhandler.html

4) Extend auth handler and module --  http://www.wemblog.com/2013/03/how-to-create-custom-authentication.html

Yogesh

View solution in original post

3 Replies

Avatar

Correct answer by
Level 5

You can use LDAP on publish same way you are using in author. If you are planning to use SSO then based on SSO product you are using (for example siteminder etc) you can configure your publish instance accordingly. You can also use SAML2.0 authentication (CQ5.6 onward) to authenticate against multiple systems across your org. Based on requirement you have, you might have to extend authentication handler and authentication module. Here is information about all of this,

1) SSO -- http://dev.day.com/docs/en/cq/current/deploying/single_sign_on.html

2) SSO with LDAP -- http://dev.day.com/docs/en/crx/current/administering/ldap_authentication.html#LDAP with Single Sign On

3) SMAL2.0 -- http://helpx.adobe.com/cq/kb/saml-demo.html OR http://dev.day.com/content/docs/en/cq/current/core/administering/saml-2-0-authenticationhandler.html

4) Extend auth handler and module --  http://www.wemblog.com/2013/03/how-to-create-custom-authentication.html

Yogesh

Avatar

Employee

You can use LDAP in publish. It's far less common than for LDAP to be used in author, but it is certainly possible and would be configured the same way.

Avatar

Level 2

Excellent, thank you! I will give this all a try and see if it will work.