Adobe Experience Manager Sites & More

avalers · 10/15/15

Hi,
I'm working in add users from other app and login into CQ5. One of the ideas is to use Trusted Credential Attribute. However, it's seems to be deprecated for security issues.

Someone can confirm this? What's the other alternative?

Thanks,

Sham_HC · 10/15/15

avalers wrote...

Should be work if I use in my custom AuthenticationHandler?

The auth handler sits on top of the repository where as the login module acts inside the repository. The login module allows logins directly on the jcr API, eg via jcr remoting, webdav.... on the other side the auth handler only works when accessing via sling. if you choose to go with the AuthenticationHandler use com.day.crx.security.token.TokenUtil#createCredentials as Trusted Credentials is deprecated.

View solution in original post

Sham_HC · 10/15/15

This is to confirm trust_credentials_attribute is deprecated.
Workaround is implement an custom loginmodule in that override isPreAuthenticated method also & deploy as OSGi fragment.

Sam205505050 · 10/15/15

Even though you see this message in error.log but it is still valid. I have implemented cookie and header based SSO in 5.6.1 using Trusted Credential Attribute in repoasitory.xml

avalers · 10/15/15

could you share with me your example? The code when you set the trusted-credentials?

avalers · 10/15/15

Could you provide more information and some examples?

Thanks,

Sham_HC · 10/15/15

avalers wrote...

Could you provide more information and some examples?

Thanks,

High level steps at http://www.wemblog.com/2012/06/how-to-add-custom-login-module-in-cq55.html

avalers · 10/15/15

thank you so much!

what's the difference with this approach:

https://issues.apache.org/jira/browse/JCR-3293

Should be work if I use in my custom AuthenticationHandler?

Subject s = getAndPopulateTheSubject(); Session session = Subject.doAs(s, new PrivilegedExceptionAction() {public Session run() throws RepositoryException {return repository.login(); } });

Sham_HC · 10/15/15

avalers wrote...

Should be work if I use in my custom AuthenticationHandler?

The auth handler sits on top of the repository where as the login module acts inside the repository. The login module allows logins directly on the jcr API, eg via jcr remoting, webdav.... on the other side the auth handler only works when accessing via sling. if you choose to go with the AuthenticationHandler use com.day.crx.security.token.TokenUtil#createCredentials as Trusted Credentials is deprecated.

Sam205505050 · 10/15/15

I've used OOTB SSO authentication handler and modified repository.xml as follows-

And in case we need to write custom auth handler then we can write logic in extractCredentials method and direct the user in authenticationSucceeded method.

avalers · 10/15/15

Do you have information regarding tokenCredentials. I made this implementation:

credentials = new SimpleCredentials(extractedUserId, extractedPassword.toCharArray());
credentials.setAttribute(".token", "");
   credentials.setAttribute(trustCredentials, "this value is inconsequential");
   TokenCredentials tc = new TokenCredentials((String)credentials.getAttribute(".token"));
   AuthenticationInfo authInfo = new AuthenticationInfo("TOKEN", credentials.getUserID());

However, I received this error:

java.lang.IllegalArgumentException: Invalid token ''
at org.apache.jackrabbit.api.security.authentication.token.TokenCredentials.<init>(TokenCredentials.java:42)

avalers · 10/15/15

It's possible to do this without provide any user and password?

Adobe Experience Manager Sites & More

Trusted Credential in SSO

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe