which is better for using external authentication with DB ?

Question

Based on the scenarios - please share any point of views / additional inputs

Scenario1 :- Which is better for custom authentication with a DB - User name and Password in DB and no need them to be synced into AEM

(1) Simple Servlet Filter for url pattern & then a Servlet for login form

(2) Sling Custom Authentication Handler & Custom Login Module with Pre - Authenticated State

(3) OAK Identity provider & Custom Login Module with Pre - Authenticated State

From my POV would prefer an (1) Servlet - Clean and Simple also web entry is the first layer of defense - any additional point of views ?

Scenario2 - Which is better for custom authentication with a DB - User name and Password in DB and need to sync them to AEM for JCR permisons

(1) Simple Servlet Filter for url pattern & then a Servlet for login form

(2) Sling Custom Authentication Handler & OOTB Login Module

(3) OAK Identity provider & OOTB Login Module

From my POV would prefer an (2) or (3) as user needs to be synced and need a jcr session any additional point of views ?

JustinEd3 · Accepted Answer

Regarding the first scenario, what I was trying to say is that you cannot get the full functionality of AEM without syncing users. I suppose in some limited use case, this might work, but I've rarely see a case where only authentication was necessary or appropriately. After all, if you are authenticating users, it is usually to give them some kind of value in having done that authentication, which means some level of authorization as well.

JustinEd3 · Answer

Hi,I don't think the first scenario is really work considering.For the second scenario, you should be using an Oak Identity Provider. No Custom Login Module would be necessary.Regards,Justin

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded