March 17, 2020

Steps to Configure LDAP and SSO

CQ comes with the LDAP module enabled out of the box (OOTB). However, you have to enable LDAP authentication with some custom configuration:

§ First make sure that your LDAP server is configured and you have credentials to configure LDAP.
§ Make sure that your CQ server can communicate with the LDAP server on the specified port.
§ To instruct CQ to use the LDAP Authentication module, open and edit /crx-quickstart/repository/repository.xml
§ Remove the Login module configuration from repository.xml
§ Create ldap_conf.conf file and put it under /crx-quickstart/conf. The -Djava.security.auth.login.config option in the next step must point at this file.
§ Add the following option to JVM_PARAM (see lesson-1 for how to set JVM Param):
   -Djava.security.auth.login.config=crx-quickstart/conf/ldap_login.conf
   For example:
   32-bit VM:
   java -Djava.security.auth.login.config=crx-quickstart/conf/ldap_login.conf -Xmx384M -jar crx-quickstart-<version>.jar
   64-bit VM:
   java -Djava.security.auth.login.config=crx-quickstart/conf/ldap_login.conf -XX:MaxPermSize=128m -Xmx512M -jar crx-quickstart-<version>.jar
§ Restart CQ
§ Check that you are able to log in using LDAP credentials.
§ For more options, such as how to configure LDAP over SSL or on a different app server, please refer to this document

Configure SSO:
As with LDAP, CQ comes with the SSO Authentication Handler enabled OOTB.
§ The SSO Authentication Handler can be configured to search for an SSID (SSO Identifier) in:
1. Request Headers
2. Cookies
3. Request Parameters

§ The SSO Authentication Handler sets the TrustedInfo attribute. To enable trusted authentication with CQ, the CRX LoginModule must be configured to recognize the name of this attribute. This is done in repository.xml (or in the JAAS login module configuration file referred to by the java.security.auth.login.config system property). The configuration parameter is named trust_credentials_attribute in both files.
§ To do that, open /crx-quickstart/repository/repository.xml for editing.
§ Add the following section for the Login Module:

<LoginModule class="com.day.crx.core.CRXLoginModule">
<param name="trust_credentials_attribute" value="TrustedInfo"/>
<param name="anonymous_principal" value="anonymous"/>
</LoginModule>

§ Configure the SSO Authentication Handler from the Felix console by going to <HOST>:<PORT>/system/console/configMgr

§ Restart CQ
§ Check that SSO is working.
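
An added example, not part of the original post and not CQ or CRX code: a check to run before restarting CQ that reads repository.xml for the trust_credentials_attribute parameter and confirms that the file named by -Djava.security.auth.login.config actually exists. The sample XML, the function names and the base_dir argument are assumptions constructed for illustration.

```python
import os
import re
import xml.etree.ElementTree as ET

# Constructed sample: a minimal stand-in for repository.xml, not a full CRX file.
SAMPLE_REPOSITORY_XML = """<Repository>
  <Security>
    <LoginModule class="com.day.crx.core.CRXLoginModule">
      <param name="trust_credentials_attribute" value="TrustedInfo"/>
      <param name="anonymous_principal" value="anonymous"/>
    </LoginModule>
  </Security>
</Repository>"""

JAAS_OPT = re.compile(r"-Djava\.security\.auth\.login\.config=(\S+)")

def login_module_params(repository_xml):
    """Return {class name: {param name: value}} for each LoginModule element."""
    root = ET.fromstring(repository_xml)
    return {lm.get("class"): {p.get("name"): p.get("value") for p in lm.iter("param")}
            for lm in root.iter("LoginModule")}

def check_sso_trust(repository_xml, expected_attr="TrustedInfo"):
    """Return a list of problems with the trusted-credentials setup (empty = OK)."""
    modules = login_module_params(repository_xml)
    if not modules:
        # The LDAP steps move the login module into the JAAS file instead.
        return ["no LoginModule in repository.xml; check the JAAS login config"]
    problems = []
    for cls, params in modules.items():
        attr = params.get("trust_credentials_attribute")
        if attr is None:
            problems.append(f"{cls}: trust_credentials_attribute is not set")
        elif attr != expected_attr:
            problems.append(f"{cls}: trusts {attr!r}, handler sets {expected_attr!r}")
    return problems

def check_jaas_option(java_cmdline, base_dir="."):
    """Check that the file named by the JVM login-config option exists."""
    match = JAAS_OPT.search(java_cmdline)
    if not match:
        return ["-Djava.security.auth.login.config is not on the command line"]
    path = os.path.join(base_dir, match.group(1))
    return [] if os.path.isfile(path) else [f"login config file not found: {path}"]

if __name__ == "__main__":
    cmd = ("java -Djava.security.auth.login.config=crx-quickstart/conf/ldap_login.conf"
           " -Xmx384M -jar crx-quickstart.jar")
    for problem in check_sso_trust(SAMPLE_REPOSITORY_XML) + check_jaas_option(cmd):
        print("PROBLEM:", problem)
```

Run it from the directory that contains crx-quickstart, or pass that directory as base_dir, so the relative path in the JVM option resolves the same way it does for the java command.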


By aem4beginner
