If I am using a custom authentication handler and my users reside in some database.
In the extractCredentials method I authenticate my user from the request, i.e. check that j_username exists and the password is correct, probably from the database, and I ask TokenUtil to create credentials to create the necessary login token for that user to have access to AEM.
But in such cases, how / who decides if the user has access in that particular case, which in a CRX-based login would be done by the group / CUG associated with that user?
Here, since I would not have any user created in CRX, how should the authorization happen to see if that user has access to that page?
Any help is welcome.
Regards.
APPLYING YOUR CLOSED USER GROUP TO CONTENT PAGES
To apply the CUG to a page:
1. Navigate to the root page of the restricted section you want to assign to your CUG.
2. Open the Page Properties (from the Page tab in the Sidekick).
3. Open the Advanced tab.
4. Expand the Closed User Group pane.
5. Click Enabled to define that this page (and any child pages) belong to a CUG.
6. Specify the Login Page that members of the group will use; for example:
   /content/geometrixx/en/toolbar/login.html
   This is optional; if left blank, the standard login page will be used.
7. Add the Admitted Groups. Use + to add groups or - to remove. Only members of these groups will be allowed to log in and access the pages.
8. Assign a Realm (a name for the groups of pages) if required. Leave empty to use the page title.
9. Click OK to save the specification.
Hi Tuhin,
Thanks for the reply.
But this will be possible when I have groups and users in AEM. I am talking about not having users and groups in AEM but having them stored outside of AEM.
How / who would be doing the authorization part in that case?
Regards
Hi,
With a custom authentication handler, after you authenticate against the external system, you must have/create a user in AEM. If you look at the LDAP and SAML authentication mechanisms, there is always the option to use an existing user or create a new user. You cannot get a login token in AEM without a user that exists in AEM.
Regards,
Opkar
Thanks Opkar,
There is an option with SAML not to create users/groups. That means if I choose not to create them in AEM, it should be possible, right?
Moreover, if there are millions of users, should we really be duplicating that many users to burden the repository?
Regards,
Allhad
Hi Allhad,
The option to not create users means you will import the users yourself into AEM. The same goes for LDAP. So, you either create users on the fly or you import them beforehand.
You bring up a good question about duplicating user profiles; however, remember that no personal information will be stored in AEM about these users. They are basically a placeholder in AEM for users authenticated against the backend system, which allows the user to log in and AEM to resolve permissions for that user (you would of course add them to a group).
An approach you could use to deal with millions of users is to purge inactive users on a regular basis.
Regards,
Opkar
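
An added example, not part of the thread and not Adobe's code: one way the "create users on the fly" approach described in the replies above could look with the Jackrabbit user-management API, so that the CUG's admitted group can be resolved for an externally authenticated user. The class name, method name and parameters are hypothetical, and it assumes the caller supplies a session that is allowed to manage users and that external ids cannot collide with built-in accounts.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;

/** Hypothetical helper: call it only after the external credential check has succeeded. */
public final class PlaceholderUserProvisioner {

    private static final SecureRandom RANDOM = new SecureRandom();

    /** Ensures a placeholder user exists and is a member of the group admitted by the CUG. */
    public static Authorizable ensureUser(Session userAdminSession, String userId, String cugGroupId)
            throws RepositoryException {
        // Assumption: userAdminSession may manage users; external ids are
        // namespaced so they cannot match built-in accounts such as admin.
        UserManager um = ((JackrabbitSession) userAdminSession).getUserManager();

        Authorizable user = um.getAuthorizable(userId);
        if (user != null && user.isGroup()) {
            // Never map an external login onto an existing group id.
            throw new RepositoryException("Id collides with a group: " + userId);
        }
        if (user == null) {
            // Random password that is never stored or shown: the real secret
            // stays in the external database, the repository user is a placeholder.
            String discarded = new BigInteger(256, RANDOM).toString(32);
            user = um.createUser(userId, discarded);
        }

        Authorizable group = um.getAuthorizable(cugGroupId);
        if (group == null || !group.isGroup()) {
            // Fail closed: the admitted group must already exist.
            throw new RepositoryException("CUG group not found: " + cugGroupId);
        }
        Group cug = (Group) group;
        if (!cug.isMember(user)) {
            cug.addMember(user);
        }
        userAdminSession.save();
        return user;
    }
}
```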