Assuming that AEM supports different types of authentication applied to the same homepage URL:
Say I have LDAP & SAML for the intranet & extranet sites, and the same home page is served via different dispatchers. I guess I can configure
LDAP JAAS as a final login module & the SAML handler as high priority, so in this case SAML will be used for authentication first, and if it fails it then falls back to LDAP.
Or, alternatively, should I have 2 different URLs for the home page, 1 for intranet & 1 for extranet?
If there are any additional options, please share them here.
Hi,
Would you have the intranet and internet site served from the same URL? Intranet sites tend to be internal and not accessible outside your firewall. So normally you would have two separate URLs. I have even seen customers that have separate AEM servers, so there is no chance of any internal content being accidentally published to the internet site.
If you used a single URL, you would then need to decide after authentication if the user should be redirected to the intra or internet site. Or would they be asked to select which site they wish to gain access to?
Usually the two sites would be on different content paths, with separate home pages. You could have a central home page on which the user selects which site they wish to access, but only if you are really going to expose your intranet beyond your firewall.
Regards,
Opkar
Thanks, Opkar. I agree if teams set it up that way separately. Sometimes, due to cost constraints, there could be scenarios where the same page is served for both intranet & internet, with different dispatchers for intranet (inside the firewall) & internet.
But the IDP is not abstracting intranet & internet authentication - which should be the best way?
In such cases, can we have a list of authentication mechanisms combining the OOTB SAML handler for internet & the external login module (LDAP) for intranet,
so that the same homepage URL can allow authentication by whichever is successful first?
Example:
For internet access on the same page: first the SAML handler will get invoked; if that does not succeed, then fall back to the external login module (LDAP); if that also fails, then error out.
For intranet access on the same page: the SAML handler will get invoked; it fails, then falls back to the external login module (LDAP); this is successful.
Also, have you seen limits on syncing users in the AEM repository, be it SAML or LDAP? What is the MAX(N) user node support in Oak?
Hi,
I would keep it simple and have different URLs; you can map multiple domains on a single AEM instance using dispatcher [1].
There is no hard limit on the number of users that Oak can handle. In previous versions I heard of customers that would implement a cleanup job to delete accounts created if the user had not logged in within a week.
Regards,
Opkar
[1] https://docs.adobe.com/docs/en/dispatcher/disp-domains.html