You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@sling.apache.org by Bernd Winterstein <be...@winterstein-web.de> on 2013/11/05 12:02:47 UTC

authenticate user against external system

Hi
In my sling application I would like to authenticate against an external
system. Scenario is as following:

1. The credentials are validated via sling basic/form login against the
external system. (LDAP, Database, whatever)
2. If the external system grants access and the jcr user is not existing,
autocreate the user with group memberships according to the information
provided by the external system.

I read the sling documentation about the authentication framework, but I'm
still confused. Where can I plug in the authentication and user creation?

Regards,

Bernd

Re: authenticate user against external system

Posted by Felix Meschberger <fm...@adobe.com>.

Hi

You probably want to implement an AuthenticationHandler service. You might want to look at the OpenID authentication handler [1]. This handler leverages OpenID to validate the identity of the user and creates the user on-demand linking the user to the OpenID identity.

Another approache, that we have taken in our commercial product is to implement a JAAS LoginModule for the Jackrabbit to sync the user detail information with the LDAP server. The advantage of this implementation is that the authentication is transparent to the consumer of the JCR Repository.login method. But it is somewhat more involved to implement and configure.

Hope this helps.

Regards
Felix

[1] http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/openid/

Am 05.11.2013 um 12:02 schrieb Bernd Winterstein <be...@winterstein-web.de>:

> Hi
> In my sling application I would like to authenticate against an external
> system. Scenario is as following:
> 
> 1. The credentials are validated via sling basic/form login against the
> external system. (LDAP, Database, whatever)
> 2. If the external system grants access and the jcr user is not existing,
> autocreate the user with group memberships according to the information
> provided by the external system.
> 
> I read the sling documentation about the authentication framework, but I'm
> still confused. Where can I plug in the authentication and user creation?
> 
> Regards,
> 
> Bernd