Hey Daniel - that SAML whiteboard project you mention - is sticky load
balancing a requirement for that to work? We are facing that exact issue
with our project's setup.

Thanks,
Ben

On Fri, Nov 13, 2020 at 8:24 AM Daniel Klco <daniel.k...@gmail.com> wrote:

> Answers inline below.
>
> On Thu, Nov 12, 2020 at 11:22 AM Nicola Cisternino <ncis...@cointa.it>
> wrote:
> >
> > Hi all
> > We are newbies and come from the world of web containers (which manage the
> > http session state) so, my question is:
> > in Sling what is the best (and standard) way to:
> > 1) login via WS (Servlet) called by a JS frontend
>
> Sling supports a pluggable authentication system[1] and includes
> support for form based[2] authentication. You can invoke the
> form-based authentication endpoints directly to login / out via JS.
>
> > 2) extend (logged) user data with custom info (state management)
>
> In Sling, each user has a Resource representation under /home/users.
> You could create additional child resources underneath the user's home
> resource to create profile data.
>
> > 3) restore the session state in subsequent WS calls (without login
> > again...)
>
> In form-based authentication, Sling uses cookies to keep the Session
> ID / Sling authentication between requests so this should be
> transparent. This works well for "sticky" load balancing, but will be
> challenging if you cannot ensure the user lands on the same server
> between requests.
>
> I would also note, it's best practice to not have Sling be the system
> of record for user data. Another SSO / user data system will ensure
> consistency across multiple Sling instances. There's an LDAP support
> bundle[3] from Jackrabbit Oak (the underlying repository
> implementation) which can be installed into recent versions of Sling.
> We also have a work in progress implementation of SAML support in the
> whiteboard (sandbox project).
>
> > Thanks a lot.
> >
> > --
> > Nicola Cisternino
> > CTO - Ergon Project Manager - IT Architect
> > Cointa s.r.l.
> > Tel. +39 080 9371015
> > ncis...@cointa.it
> > http://www.cointa.it
>
> [1] -
> https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html
> [2] -
> https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html
> [3] -
> https://jackrabbit.apache.org/oak/docs/security/authentication/ldap.html
>
>
