
SOLVED

Which is better for using external authentication with DB?


Level 5

Based on the scenarios, please share any points of view / additional inputs.

Scenario 1: Which is better for custom authentication with a DB - user name and password in DB, and no need for them to be synced into AEM

(1) Simple Servlet Filter for URL pattern & then a Servlet for login form

(2) Sling Custom Authentication Handler & Custom Login Module with Pre-Authenticated State

(3) Oak Identity Provider & Custom Login Module with Pre-Authenticated State

From my POV, I would prefer (1) Servlet - clean and simple; also, web entry is the first layer of defense. Any additional points of view?

Scenario 2: Which is better for custom authentication with a DB - user name and password in DB, and need to sync them to AEM for JCR permissions

(1) Simple Servlet Filter for URL pattern & then a Servlet for login form

(2) Sling Custom Authentication Handler & OOTB Login Module

(3) Oak Identity Provider & OOTB Login Module

From my POV, I would prefer (2) or (3), as the user needs to be synced and needs a JCR session. Any additional points of view?


4 Replies


Employee

Hi,

I don't think the first scenario is really worth considering.

For the second scenario, you should be using an Oak Identity Provider. No Custom Login Module would be necessary.

Regards,

Justin


Level 5

Hi Justin,

Not getting your view on the 1st scenario - can you please elaborate?

What will be the pros/cons of using a servlet for the 1st scenario?


Level 5

Yes, no custom login module for scenario 2 - that was a copy/paste :-) As the user is synced via the sync handler, the default login model should work. Updated the scenario with the OOTB login module.


Correct answer by
Employee

Regarding the first scenario, what I was trying to say is that you cannot get the full functionality of AEM without syncing users. I suppose in some limited use case, this might work, but I've rarely seen a case where only authentication was necessary or appropriate. After all, if you are authenticating users, it is usually to give them some kind of value in having done that authentication, which means some level of authorization as well.