Adobe Experience Manager Sites & More

varshsr · 5:25:53 AM

Based on the scenarios - please share any point of views / additional inputs

Scenario1 :- Which is better for custom authentication with a DB - User name and Password in DB and no need them to be synced into AEM

(1) Simple Servlet Filter for url pattern & then a Servlet for login form

(2) Sling Custom Authentication Handler & Custom Login Module with Pre - Authenticated State

(3) OAK Identity provider & Custom Login Module with Pre - Authenticated State

From my POV would prefer an (1) Servlet - Clean and Simple also web entry is the first layer of defense - any additional point of views ?

Scenario2 - Which is better for custom authentication with a DB - User name and Password in DB and need to sync them to AEM for JCR permisons

(1) Simple Servlet Filter for url pattern & then a Servlet for login form

(2) Sling Custom Authentication Handler & OOTB Login Module

(3) OAK Identity provider & OOTB Login Module

From my POV would prefer an (2) or (3) as user needs to be synced and need a jcr session any additional point of views ?

justin_at_adobe · 5:44:33 AM

Regarding the first scenario, what I was trying to say is that you cannot get the full functionality of AEM without syncing users. I suppose in some limited use case, this might work, but I've rarely see a case where only authentication was necessary or appropriately. After all, if you are authenticating users, it is usually to give them some kind of value in having done that authentication, which means some level of authorization as well.

元の投稿で解決策を見る

justin_at_adobe · 6:31:15 AM

Hi,

I don't think the first scenario is really work considering.

For the second scenario, you should be using an Oak Identity Provider. No Custom Login Module would be necessary.

Regards,

Justin

varshsr · 6:51:50 AM

Hi Justin,

Not getting your view on the 1st Scenario - Can you please elaborate

What will be the pros /cons of using a servlet for 1st Scenario

varshsr · 6:58:40 AM

Yes no custom login module for scenario 2 - that was a copy / paste :-) as user synced via sync handler the default login model should work . Updated the scenario with OOTB login module

justin_at_adobe · 5:44:33 AM

Regarding the first scenario, what I was trying to say is that you cannot get the full functionality of AEM without syncing users. I suppose in some limited use case, this might work, but I've rarely see a case where only authentication was necessary or appropriately. After all, if you are authenticating users, it is usually to give them some kind of value in having done that authentication, which means some level of authorization as well.