Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Publish Login

nsvsrk
Level 7
Level 7

Hi,

Author Server explicitly asks user to login.

But, why does, by default, Publish log in as anonymous user?

Generally, we log in to Publish instance also, to upload/install packages etc, otherwise it fails.

I guess that this functionality is for the end user to login anonymously.

In such a case, who needs to log in to Publish?

If LDAP requires to be integrated, should it be for Author as well as Publish?

Thanks,

Rama.

1 Accepted Solution
wisemage_
Correct answer by
Level 2
Level 2

We have 300.000 users so we don't create users in AEM, we use sso for publish login.

Check this: 

https://github.com/Adobe-Consulting-Services/acs-aem-samples/tree/master/bundle/src/main/java/com/ad...

 

For custom forms authentication:

  1. Create a login page with a form
  2. Validate username/password against to your database or other idp system on form post
  3. Assign a secure authentication cookie
  4. Check authentication cookie on web server, redirect user to login page if not authenticated.

Good luck

View solution in original post

9 Replies
edubey
Level 10
Level 10

Anonymous user in publish is a default behavior. Every user will be treated as anonymous. but same in not the case in author. User / adminstration

You should not upload packages in publish directly, recommended approach is to upload/install in author and then replicate these packages from author to publish.

Uses needs to log in publish only it there is a functionality where user login is need.

Here are few links for LDAP:

http://adobeaemclub.com/configuring-ldap-in-aem-6-x/

https://helpx.adobe.com/experience-manager/using/configuring-aem6-apache-directory-service.html

https://docs.adobe.com/docs/en/aem/6-0/administer/security/ldap-config.html

Lokesh_Shivalingaiah
Community Advisor
Community Advisor

Ideally, you should block any such operations like package upload etc in the publish instance. 

Packages needs to be deployed using curl or maven while content needs to be pushed via replication to publish instance.

Even if its allowed all the users should not have access to it and only admin should be allowed to access (note: default admin username / pwd should have been changed ). 

nsvsrk
Level 7
Level 7

Hi,

Apart from Admin, typically who needs to log in to Publish?

If LDAP requires to be integrated, should it be for Author as well as Publish?

In any case, the end users will not be there in LDAP and so cant understand the use case for integrating LDAP with Publish.

I do see that registered users should be authenticated. Could we use LDAP for this authentication?

Appreciate your responses.

Thanks,

Rama.

Lokesh_Shivalingaiah
Community Advisor
Community Advisor

Usually LDAP will be used in Author instance to integrate the internal users to login to AEM aswell.

where in for application, running in publish instance would have its own login functionality with is normally authenticated against DB. 

nsvsrk
Level 7
Level 7

Hi,

That explains and thanks a lot.

So, user anonymous has only access to both /content and /bin and no other folder ?

Thanks,

Rama.

nsvsrk
Level 7
Level 7

Someone, please confirm that the user anonymous has only access to both /content and /bin and no other folders.

Thanks,

Rama.

edubey
Level 10
Level 10

In publish instance, anonymous user will only have access to content

go to localhost:4502/useradmin and you can see the permission of this user

For more verification you can go to this link on documentation: https://docs.adobe.com/docs/en/cq/5-6-1/administering/security.html

Opkar_Gill
Employee
Employee

edubey wrote...

Anonymous user in publish is a default behavior. Every user will be treated as anonymous. but same in not the case in author. User / adminstration

You should not upload packages in publish directly, recommended approach is to upload/install in author and then replicate these packages from author to publish.

This is not entirely true. If you only use activation, you need to have downtime ion your live site.

Consider the following scenario: You have 4 publish instances, and you want to deploy your deployment package without any downtime. In this case you would do a rolling deployment. i.e. Stop access to two publish servers, deploy the packages. Test the servers. You would then switch access to the other two servers and follow the same procedure. 

If you only used activation from the author, you would need to have downtime, as the replication event would be sent to all the publish servers, and you don't want to be deploying code to your site while it is serving live requests.

Also in previous versions of AEM, you couldn't uninstall a package that had been deployed by activation.

Regards,

Opkar

wisemage_
Correct answer by
Level 2
Level 2

We have 300.000 users so we don't create users in AEM, we use sso for publish login.

Check this: 

https://github.com/Adobe-Consulting-Services/acs-aem-samples/tree/master/bundle/src/main/java/com/ad...

 

For custom forms authentication:

  1. Create a login page with a form
  2. Validate username/password against to your database or other idp system on form post
  3. Assign a secure authentication cookie
  4. Check authentication cookie on web server, redirect user to login page if not authenticated.

Good luck

View solution in original post