Configure LDAP and SSO

Configure LDAP

CQ ships with the LDAP module enabled out of the box (OOTB). However, LDAP authentication itself has to be enabled with some custom configuration:

  • First, make sure that your LDAP server is configured and that you have the credentials needed to configure LDAP.
  • Make sure that your CQ server can communicate with the LDAP server on the specified port.
  • To instruct CQ to use the LDAP authentication module, open and edit /crx-quickstart/repository/repository.xml
  • Remove the login module configuration from repository.xml
  • Create the ldap_login.conf file and put it under /crx-quickstart/conf (the same path that the JVM option in the next step points to). You can get a sample file from here
  • Add the following option to JVM_PARAM (see lesson-1 for how to set JVM parameters):
    -Djava.security.auth.login.config=crx-quickstart/conf/ldap_login.conf
  • For example:
    1. 32-bit VM:
       java -Djava.security.auth.login.config=crx-quickstart/conf/ldap_login.conf -Xmx384M -jar crx-quickstart-<version>.jar
    2. 64-bit VM:
       java -Djava.security.auth.login.config=crx-quickstart/conf/ldap_login.conf -XX:MaxPermSize=128m -Xmx512M -jar crx-quickstart-<version>.jar
  • Restart CQ
  • Check that you are able to log in using LDAP credentials.
  • For more options, such as how to configure LDAP over SSL or on a different app server, please refer to this document

LDAP Frequently Asked Questions:

http://helpx.adobe.com/adobe-cq/using/faq-integrating-cq-ldap.html

Configure SSO:

As with LDAP, CQ comes with the SSO authentication handler enabled OOTB.

  • The SSO Authentication Handler can be configured to search for an ssid (SSO Identifier) in:
    1. Request Headers
    2. Cookies
    3. Request Parameters
  • The SSO Authentication Handler sets the TrustedInfo attribute. So to enable trusted authentication with CQ, the CRX LoginModule must be configured to recognize the name of this attribute; this is done in repository.xml (or the login module configuration file for JAAS; as referred to in the java.security.auth.login.config system property). The name of the configuration parameter is trust_credentials_attribute in both configuration files.
  • To do so, open and edit /crx-quickstart/repository/repository.xml
  • Add the following section for the login module:

<LoginModule class="com.day.crx.core.CRXLoginModule">
    <param name="trust_credentials_attribute" value="TrustedInfo"/>
    <param name="anonymous_principal" value="anonymous"/>
</LoginModule>

  • Configure the SSO authentication handler from the Felix console by going to <HOST>:<PORT>/system/console/configMgr
  • Restart CQ
  • Check that SSO is working
  • More information about SSO can be obtained from here
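
An added example, not part of the original page or of CQ: a Python preflight check for the point above that trust_credentials_attribute must be set in whichever file holds the login module configuration (repository.xml, or the JAAS file once the LDAP steps have removed the LoginModule from repository.xml). The function names, the XML wrapper elements and the JAAS entry are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

EXPECTED_ATTR = "TrustedInfo"  # attribute name set by the SSO handler, per the page

def login_module_params(repository_xml):
    """<param> pairs of the LoginModule element in repository.xml, or None if it was removed."""
    module = ET.fromstring(repository_xml).find(".//LoginModule")
    if module is None:
        return None
    return {p.get("name"): p.get("value") for p in module.findall("param")}

def jaas_options(jaas_conf):
    """All key="value" options in a JAAS login configuration, ignoring // comment lines."""
    body = re.sub(r"(?m)^\s*//.*$", "", jaas_conf)
    return dict(re.findall(r'([\w.]+)\s*=\s*"([^"]*)"', body))

def check(repository_xml, jaas_conf=None):
    """Return a list of findings; an empty list means the trust setting is in the right place."""
    findings = []
    params = login_module_params(repository_xml)
    if jaas_conf is not None:  # LDAP setup: login modules are defined in the JAAS file
        if params is not None:
            findings.append("repository.xml still has a LoginModule element")
        source, options = "JAAS file", jaas_options(jaas_conf)
    else:  # SSO-only setup: repository.xml holds the login module
        if params is None:
            findings.append("no LoginModule in repository.xml and no JAAS file given")
        source, options = "repository.xml", params or {}
    attr = options.get("trust_credentials_attribute")
    if attr is None:
        findings.append(f"trust_credentials_attribute missing from {source}")
    elif attr != EXPECTED_ATTR:
        findings.append(f"trust_credentials_attribute is {attr!r}, handler sets {EXPECTED_ATTR!r}")
    return findings

# Constructed samples (not real deployment files); the JAAS application name is an assumption.
SSO_XML = """<Repository><Security>
  <LoginModule class="com.day.crx.core.CRXLoginModule">
    <param name="trust_credentials_attribute" value="TrustedInfo"/>
    <param name="anonymous_principal" value="anonymous"/>
  </LoginModule>
</Security></Repository>"""
LDAP_XML = "<Repository><Security/></Repository>"
JAAS_NO_TRUST = 'com.day.crx {\n  com.day.crx.core.CRXLoginModule sufficient;\n};'

if __name__ == "__main__":
    print(check(SSO_XML))                  # SSO only, setting in repository.xml
    print(check(LDAP_XML, JAAS_NO_TRUST))  # LDAP steps applied, trust setting not carried over
```

Run it against copies of the real repository.xml and login configuration file before restarting CQ; any finding means the SSO handler's attribute will not be recognised by the login module as configured.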