Publish Login | Community
Skip to main content
N
nsvsrk
New Participant
January 21, 2016
Solved

Publish Login

  • January 21, 2016
  • 9 replies
  • 4062 views

Hi,

Author Server explicitly asks user to login.

But, why does, by default, Publish log in as anonymous user?

Generally, we log in to Publish instance also, to upload/install packages etc, otherwise it fails.

I guess that this functionality is for the end user to login anonymously.

In such a case, who needs to log in to Publish?

If LDAP requires to be integrated, should it be for Author as well as Publish?

Thanks,

Rama.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by wisemage_

We have 300.000 users so we don't create users in AEM, we use sso for publish login.

Check this: 

https://github.com/Adobe-Consulting-Services/acs-aem-samples/tree/master/bundle/src/main/java/com/adobe/acs/samples/authentication/impl

 

For custom forms authentication:

  1. Create a login page with a form
  2. Validate username/password against to your database or other idp system on form post
  3. Assign a secure authentication cookie
  4. Check authentication cookie on web server, redirect user to login page if not authenticated.

Good luck

9 replies

wisemage_
wisemage_Accepted solution
New Participant
February 24, 2016

We have 300.000 users so we don't create users in AEM, we use sso for publish login.

Check this: 

https://github.com/Adobe-Consulting-Services/acs-aem-samples/tree/master/bundle/src/main/java/com/adobe/acs/samples/authentication/impl

 

For custom forms authentication:

  1. Create a login page with a form
  2. Validate username/password against to your database or other idp system on form post
  3. Assign a secure authentication cookie
  4. Check authentication cookie on web server, redirect user to login page if not authenticated.

Good luck

O
ogill
Employee
January 27, 2016

edubey wrote...

Anonymous user in publish is a default behavior. Every user will be treated as anonymous. but same in not the case in author. User / adminstration

You should not upload packages in publish directly, recommended approach is to upload/install in author and then replicate these packages from author to publish.

This is not entirely true. If you only use activation, you need to have downtime ion your live site.

Consider the following scenario: You have 4 publish instances, and you want to deploy your deployment package without any downtime. In this case you would do a rolling deployment. i.e. Stop access to two publish servers, deploy the packages. Test the servers. You would then switch access to the other two servers and follow the same procedure. 

If you only used activation from the author, you would need to have downtime, as the replication event would be sent to all the publish servers, and you don't want to be deploying code to your site while it is serving live requests.

Also in previous versions of AEM, you couldn't uninstall a package that had been deployed by activation.

Regards,

Opkar

edubey
edubey
New Participant
January 26, 2016

In publish instance, anonymous user will only have access to content

go to localhost:4502/useradmin and you can see the permission of this user

For more verification you can go to this link on documentation: https://docs.adobe.com/docs/en/cq/5-6-1/administering/security.html

N
nsvsrkAuthor
New Participant
January 26, 2016

Someone, please confirm that the user anonymous has only access to both /content and /bin and no other folders.

Thanks,

Rama.

N
nsvsrkAuthor
New Participant
January 22, 2016

Hi,

That explains and thanks a lot.

So, user anonymous has only access to both /content and /bin and no other folder ?

Thanks,

Rama.

Lokesh_Shivalingaiah
Lokesh_Shivalingaiah
New Participant
January 22, 2016

Usually LDAP will be used in Author instance to integrate the internal users to login to AEM aswell.

where in for application, running in publish instance would have its own login functionality with is normally authenticated against DB. 

N
nsvsrkAuthor
New Participant
January 22, 2016

Hi,

Apart from Admin, typically who needs to log in to Publish?

If LDAP requires to be integrated, should it be for Author as well as Publish?

In any case, the end users will not be there in LDAP and so cant understand the use case for integrating LDAP with Publish.

I do see that registered users should be authenticated. Could we use LDAP for this authentication?

Appreciate your responses.

Thanks,

Rama.

Lokesh_Shivalingaiah
Lokesh_Shivalingaiah
New Participant
January 22, 2016

Ideally, you should block any such operations like package upload etc in the publish instance. 

Packages needs to be deployed using curl or maven while content needs to be pushed via replication to publish instance.

Even if its allowed all the users should not have access to it and only admin should be allowed to access (note: default admin username / pwd should have been changed ). 

edubey
edubey
New Participant
January 21, 2016

Anonymous user in publish is a default behavior. Every user will be treated as anonymous. but same in not the case in author. User / adminstration

You should not upload packages in publish directly, recommended approach is to upload/install in author and then replicate these packages from author to publish.

Uses needs to log in publish only it there is a functionality where user login is need.

Here are few links for LDAP:

http://adobeaemclub.com/configuring-ldap-in-aem-6-x/

https://helpx.adobe.com/experience-manager/using/configuring-aem6-apache-directory-service.html

https://docs.adobe.com/docs/en/aem/6-0/administer/security/ldap-config.html

Terms & ConditionsAccessibility statement

Loading footer...