Hi,
Author Server explicitly asks user to login.
But, why does, by default, Publish log in as anonymous user?
Generally, we log in to Publish instance also, to upload/install packages etc, otherwise it fails.
I guess that this functionality is for the end user to login anonymously.
In such a case, who needs to log in to Publish?
If LDAP requires to be integrated, should it be for Author as well as Publish?
Thanks,
Rama.
Solved! Go to Solution.
Views
Replies
Total Likes
We have 300.000 users so we don't create users in AEM, we use sso for publish login.
Check this:
For custom forms authentication:
Good luck
Views
Replies
Total Likes
Anonymous user in publish is a default behavior. Every user will be treated as anonymous. but same in not the case in author. User / adminstration
You should not upload packages in publish directly, recommended approach is to upload/install in author and then replicate these packages from author to publish.
Uses needs to log in publish only it there is a functionality where user login is need.
Here are few links for LDAP:
http://adobeaemclub.com/configuring-ldap-in-aem-6-x/
https://helpx.adobe.com/experience-manager/using/configuring-aem6-apache-directory-service.html
https://docs.adobe.com/docs/en/aem/6-0/administer/security/ldap-config.html
Views
Replies
Total Likes
Ideally, you should block any such operations like package upload etc in the publish instance.
Packages needs to be deployed using curl or maven while content needs to be pushed via replication to publish instance.
Even if its allowed all the users should not have access to it and only admin should be allowed to access (note: default admin username / pwd should have been changed ).
Views
Replies
Total Likes
Hi,
Apart from Admin, typically who needs to log in to Publish?
If LDAP requires to be integrated, should it be for Author as well as Publish?
In any case, the end users will not be there in LDAP and so cant understand the use case for integrating LDAP with Publish.
I do see that registered users should be authenticated. Could we use LDAP for this authentication?
Appreciate your responses.
Thanks,
Rama.
Views
Replies
Total Likes
Usually LDAP will be used in Author instance to integrate the internal users to login to AEM aswell.
where in for application, running in publish instance would have its own login functionality with is normally authenticated against DB.
Views
Replies
Total Likes
Hi,
That explains and thanks a lot.
So, user anonymous has only access to both /content and /bin and no other folder ?
Thanks,
Rama.
Views
Replies
Total Likes
Someone, please confirm that the user anonymous has only access to both /content and /bin and no other folders.
Thanks,
Rama.
Views
Replies
Total Likes
In publish instance, anonymous user will only have access to content
go to localhost:4502/useradmin and you can see the permission of this user
For more verification you can go to this link on documentation: https://docs.adobe.com/docs/en/cq/5-6-1/administering/security.html
Views
Replies
Total Likes
edubey wrote...
Anonymous user in publish is a default behavior. Every user will be treated as anonymous. but same in not the case in author. User / adminstration
You should not upload packages in publish directly, recommended approach is to upload/install in author and then replicate these packages from author to publish.
This is not entirely true. If you only use activation, you need to have downtime ion your live site.
Consider the following scenario: You have 4 publish instances, and you want to deploy your deployment package without any downtime. In this case you would do a rolling deployment. i.e. Stop access to two publish servers, deploy the packages. Test the servers. You would then switch access to the other two servers and follow the same procedure.
If you only used activation from the author, you would need to have downtime, as the replication event would be sent to all the publish servers, and you don't want to be deploying code to your site while it is serving live requests.
Also in previous versions of AEM, you couldn't uninstall a package that had been deployed by activation.
Regards,
Opkar
Views
Replies
Total Likes
We have 300.000 users so we don't create users in AEM, we use sso for publish login.
Check this:
For custom forms authentication:
Good luck
Views
Replies
Total Likes
Views
Likes
Replies