Expand my Community achievements bar.

Enhance your AEM Assets & Boost Your Development: [AEM Gems | June 19, 2024] Improving the Developer Experience with New APIs and Events

External Authentication won't correctly set USER name or Role


Level 2

I am using JAVA under Google App Engine for my backend and attempting to log a user into a room using external authentication. I can connect and get into the room just fine my issue is with the user infomation once I am logged in. The user has a null username and ID (possibly generated) and thier role is set to zero (or at least not high enough to publish). If the room is set to auto-Promote then I do have the ability to publish (this is what I would expect) but still I needed the user to have a role of owner (so they can create nodes).

Here is a little of the java on the back end (I removed my shared secret):

public String getRoomToken(String roomID, String userName, String userID, int userRole)      {

           try {               

                         Session session = am.getSession(roomID);

             return session.getAuthenticationToken(..., "Bob", "TestID", 100);               

                         //return session.getAuthenticationToken(..., userName, userID, userRole);          

                      } catch (Exception e) {

               // TODO Auto-generated catch block



                    return null;


getAuthenticationToken is hardely changed from what is in the AFCS.java in the examples folder but here it is in any case

/**      * get an external authentication token      */

public String getAuthenticationToken(String accountSecret, String name, String id, int role) throws Exception


     if (role < UserRole.NONE || role > UserRole.OWNER)

         throw new Error("invalid-role");

        String token = "x:" + name + "::" + this.account

         + ":" + id + ":" + this.room + ":"+ Integer.toString(role);

        String signed = token + ":" + sign(accountSecret, token);

        // unencoded      

               //String ext = "ext=" + signed;       

               // encoded

       String ext = "exx=" + Utils.base64(signed);

       return ext;


This should work. My Shared secret is removed above but I doubt that is the problem as my app does authenticate just fine it just throws an exception telling me I don't have the required permissions to publish when I try to do anything. while observing from the DevConsole I see a user in the room but they are marked as null. Note that non-external authentication works just fine. If I hardcode my login creds in AdobeHSAuthenticator I can get in just fine with no issue. Also if the room I get an authenticationToken for does not match the roomURL I connect to with ConnectSessionContainer I will fail to login correctly like I would expect. So I know my credentials are getting to the AFCS and being decrypted correctly (as I can only authenticate for the room I send in that credential token) but for some reason it simply won't set my role and username/userid correctly.  Any help would be great, this has caused me a great deal of grief for days now...

Thanks guys...


2 Replies



This is very strange. The only thing I can think of is that you are

getting logged in ad a guest with no name (maybe because you have the

username set to somenthing like '' in the authenticator ?)

Can you please post the logs from the debug window and the code you

use to set the aythenticator ?

For external authentication you should have something like:

auth = new AdobeHSAuthenticator();

auth.authenticationToken = <valueFromServer>;<br /><br />Where <valueFromServer> is something like:



Level 2

Well this is wierd I was trying to set this up so that I could get the log output on that run and I ended up changing

<rtc:AdobeHSAuthenticator id="auth" authenticationKey="{Application.application.parameters['token'] as String}"/>


<rtc:AdobeHSAuthenticator id="auth" authenticationKey="{token}"/>

and adding a preinitialize function of:

protected function preInit():void


            templateID = Application.application.parameters['room'];

             token = Application.application.parameters['token'];


oddly enough it now works like a charm now. It is still disconcerting that I was able to actually enter the room even though my token was somehow corrupted (that probably isn't intened behavior). If this shows up agian I will try and track down the particulars and send you guys an email as an FYI. thanks for the help....