April 8, 2020

Custom External Login Module



When integrating AEM login with LDAP, we may need to write our own custom external login module. This post explains how to do that with an example.

As we all know, there are 3 configurations needed when setting up LDAP with AEM, both to log in as an LDAP user and to sync users from LDAP:
1. Configure LDAP Identity Provider – Here we configure the LDAP server and the property mappings.
2. Configure Default Sync Handler – Here we configure which LDAP user properties are synced to the AEM user properties when users are created in AEM.
3. Configure External Login Module – Here we select the external login module factory, which logs users in by authenticating them against the external source (LDAP) and, through the Sync Handler, creates the user when they log in for the first time. So the External Login Module must be given the LDAP IDP and the Sync Handler.

In this example, let us see how to write our own custom external login module that uses the LDAP Identity Provider and Sync Handler.

Step 1: Create a Maven bundle project

Step 2: Add the dependencies below to pom.xml
    <dependency>
        <groupId>org.apache.felix</groupId>
        <artifactId>org.apache.felix.jaas</artifactId>
        <version>0.0.2</version>
        <scope>provided</scope>
    </dependency>
    <dependency>
        <groupId>org.apache.jackrabbit</groupId>
        <artifactId>oak-auth-external</artifactId>
        <version>1.2.2</version>
    </dependency>
    <dependency>
        <groupId>com.google.code.findbugs</groupId>
        <artifactId>jsr305</artifactId>
        <version>3.0.0</version>
    </dependency>

Step 3: Create a service that implements ‘LoginModuleFactory’ and overrides createLoginModule()

Step 4: Create an ExternalLoginModule class that extends ‘AbstractLoginModule’. In the login() method, you can write the custom logic to run once the user has been authenticated against LDAP.

Step 5: Build and deploy the bundle. You can download the project from GitHub

Step 6: Check that the bundle is deployed and is ‘Active’

Once the bundle is deployed successfully, go to /system/console/configMgr and search for ‘Apache Jackrabbit Oak Custom External Login Module’ (or the label you have given the component in your factory class). Make sure the Factory PID refers to your custom factory class.

Configure the Identity Provider name and Sync Handler name.

Now, when you log in with an LDAP user, you can see that your custom login module is used to authenticate and sync the user (check your log files).
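
An added example for Step 4, not taken from this post or its GitHub project: a login module whose login() succeeds only when the identity provider accepts the credentials, so custom logic can never turn a failed LDAP check into a login. The class name and the constructor-injected provider are assumptions; AbstractLoginModule and AuthInfoImpl come from oak-core, and the user is assumed to already exist in the repository (the sync step is left out).

```java
import java.security.Principal;
import java.util.Collections;
import java.util.Set;
import javax.jcr.Credentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule;
import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
// Hypothetical class name; the factory from Step 3 is assumed to pass in the configured IDP.
public class CustomExternalLoginModule extends AbstractLoginModule {
    private final ExternalIdentityProvider idp;
    private ExternalUser externalUser; // set only after the IDP accepted the credentials
    public CustomExternalLoginModule(ExternalIdentityProvider idp) { this.idp = idp; }

    @Override
    protected Set<Class> getSupportedCredentials() {
        return Collections.<Class>singleton(SimpleCredentials.class);
    }

    @Override
    public boolean login() throws LoginException {
        Credentials creds = getCredentials();
        if (idp == null || creds == null) {
            return false; // nothing to verify: this module is ignored, others decide
        }
        try {
            externalUser = idp.authenticate(creds); // null means the IDP does not know the user
        } catch (ExternalIdentityException e) {
            throw new LoginException("identity provider error: " + e.getMessage()); // fail closed
        }
        // Custom post-authentication logic goes here, and only when externalUser != null.
        return externalUser != null;
    }

    @Override
    public boolean commit() throws LoginException {
        if (externalUser == null) {
            return false; // login() did not authenticate anyone, so add nothing to the Subject
        }
        Set<? extends Principal> principals = getPrincipals(externalUser.getId());
        if (principals.isEmpty() || subject.isReadOnly()) { return false; }
        subject.getPrincipals().addAll(principals);
        setAuthInfo(new AuthInfoImpl(externalUser.getId(), null, principals), subject);
        return true;
    }
}
```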

For more detail, refer to the Adobe community article on the same topic.


By aem4beginner
