I have AEM 5.6.1 implementation which is heavily content based application and implemented single sign on using Some Central authentication Services and Publish server has URL protected like /content, /etc, /dam /bin etc.
So anybody try to access CQ Content path mostly will be redirected to CAS …Browser gets Auth token after successful login and then CQ5 publish let you go into the system.
Requirement is want to expose some of the content as Json Service and I can expose content i.e. /content/xyz.6.json. or I can write a Sling servlet and dump any content path into JSON Reponses.
CQ5 is running in domain x1.x.com. while Other client is running x2.x.xom . both are under the same CAS and understand Auth Cookies very well ..so in the same browser session if I am logged in, I can access cq5 CONTENT OR servlet like this http://x1.x.com/content/xyz.6.json or . http://x1.x.com/bin/jsonContentService so accessing CQ5 any Content URL in the same browser is not an issue.
Where is the Problem?
When I try to make a ajax call in JS code in x2.x.xom to http://x1.x.com/content/xyz.6.json I get several issue.
- Cors… so I put this in the IIS web.config in cq5 side “
Access-Control-Allow-Origin *” so this is taken care. Auth Cookies are available in browser and when content URL is called from AJAX call/restful Cookies are being passed to CQ5 SSO code but Custom Client SSO in Publish does not understand the Auth Cookies and redirect to CAS Login URL.
If you try to access the Same Content URL in browser then Custom SSO on Publish able to reads the Auth cookies and let you go..I understand this is very vague situation people talks a lot on this in several blogs and forum. Anybody can share some thoughts?
My primary question is why Auth works in Browser access but not in Ajax call?
Regards,
Chandra
