April 20, 2020
Estimated Post Reading Time ~

Stateful Authentication using AEM Token authentication Handler

By default, AEM uses the Token Authentication Handler to authenticate each request. However, in order to serve authentication requests, the Token Authentication Handler requires access to the repository for every request. 

This happens because cookies are used to maintain the authentication state. Logically, the state needs to be persisted in the repository in order to validate subsequent requests. In effect, this means that the authentication mechanism is stateful.

This is of particular importance for horizontal scalability. In a multi instances setup like the publish farm depicted below, load balancing cannot be achieved in an optimal manner. With stateful authentication, the persisted authentication state will only be available on the instance where the user is first authenticated.



Disadvantages
1. A user may be authenticated on publish instance one, but if a subsequent request goes to publish instance two, that instance does not have that persisted authentication state, because that state was persisted in the repository of publishing one and publish two has its own repository.
2. The solution for this is to configure sticky connections at the load balancer level. With sticky connections, a user would always be directed to the same publish instance. As a consequence, truly optimal load balancing is not possible.
3. In case a publish instance becomes unavailable, all the users authenticated on that instance will lose their session. This is because repository access is needed to validate the authentication cookie.


By aem4beginner

No comments:

Post a Comment

If you have any doubts or questions, please let us know.