Tuesday, August 1, 2017

EXTERNAL MODULE CONFIGS FOR AEM(LDAP)

Authentication is one of the important parts of AEM. This post covers a few important specifics of the Oak external authentication framework, which LDAP falls under.

The basic architecture of authentication built around Oak (the diagram below does not include the external login module):



JCR Repository.login --> Oak Content Repository.login --> LoginModule.login --> LoginModule.commit

Previously, with Jackrabbit, this was cumbersome; with Oak it is easy because it is done through OSGi configs.
Oak LoginModule configuration is all OSGi; no more jaas.conf.

Different Kinds of OAK Login Modules are as follows:
  • AbstractLoginModule
  • LoginModuleImpl(aka default login module)
  • GuestLoginModule
  • TokenLoginModule
  • ExternalLoginModule

With the external login module implementation, the diagram should look like the one below in architectural scope:

The Oak external login module flow looks as below:


In the above diagram:

IDP: a proxy for authenticating against a third-party system (for example LDAP). It also provides profile information of external users and groups.

API highlights:
  • ExternalIdentityProvider
  • ExternalIdentity, ExternalGroup, ExternalUser
  • ExternalIdentityRef: contains the internal representation of the external system. It also contains userInfo.
  • SyncHandler: used to sync users from the IDP. It has two main properties:
      - rep:externalId: string representation of the ExternalIdentityRef.
      - rep:lastSynced: used for expiration time tracking.

The basic external login flow works as listed below:



With AEM 6, all LDAP configurations are done via the system console.

Three OSGi configs are required for LDAP to work:

1. An LDAP Identity Provider (LIP)
     -  Defines how users are retrieved from the LDAP server.
     -  Its OSGi config can be identified as Apache Jackrabbit Oak LDAP Identity Provider.
2. A Sync Handler
     - Defines how identity provider users and groups are synchronized with the repository.
     - Its OSGi config is Apache Jackrabbit Oak Default Sync Handler.
3. An External Login Module
     - Its OSGi config is Apache Jackrabbit Oak External Login Module.
     - It holds the definition of which identity provider and sync handler to use.
  We may have scenarios where we need to configure multiple LDAP configs for one AEM
  instance.

In AEM we can configure LDAP over SSL as well. If that is the case, we have to make sure that the SSL and TLS checkboxes are checked in the LIP.

We can even create OpenSSL certificates. For how to create and configure them, please refer to the citation links listed at the end of this post.
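How the three configs reference each other, and the transport settings of the LIP, can be checked mechanically. The following is an added example, not Adobe or Oak code: the factory PIDs and property names are the ones Oak uses, while all hosts, names and values are constructed and assumed to be already parsed into Python types.

```python
# Added example (not Adobe/Oak code): cross-check the three OSGi configs.
# Property names are Oak's; every value below is constructed sample data.
IDP = "org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider"
SYNC = "org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler"
ELM = "org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory"

def audit(configs):
    """configs: list of (factory PID, properties). Returns a list of findings."""
    findings = []
    idps = {p.get("provider.name"): p for pid, p in configs if pid == IDP}
    syncs = {p.get("handler.name") for pid, p in configs if pid == SYNC}
    modules = [p for pid, p in configs if pid == ELM]
    for m in modules:
        # The login module must name an existing IDP and an existing sync handler.
        if m.get("idp.name") not in idps:
            findings.append(f"login module: unknown IDP {m.get('idp.name')!r}")
        if m.get("sync.handlerName") not in syncs:
            findings.append(f"login module: unknown sync handler {m.get('sync.handlerName')!r}")
    used = {m.get("idp.name") for m in modules}
    for name, p in idps.items():
        if name not in used:
            findings.append(f"IDP {name!r}: not referenced by any login module")
        if not (p.get("host.ssl") or p.get("host.tls")):
            findings.append(f"IDP {name!r}: neither SSL nor TLS enabled, bind is cleartext")
        if p.get("host.noCertCheck"):
            findings.append(f"IDP {name!r}: certificate checking disabled")
    return findings

# Constructed sample: two LDAP directories configured on one AEM instance.
SAMPLE = [
    (IDP, {"provider.name": "ldap-corp", "host.name": "ldap.corp.example",
           "host.port": 636, "host.ssl": True, "host.noCertCheck": False}),
    (IDP, {"provider.name": "ldap-partner", "host.name": "ldap.partner.example",
           "host.port": 389, "host.ssl": False, "host.tls": False, "host.noCertCheck": True}),
    (SYNC, {"handler.name": "default"}),
    (ELM, {"idp.name": "ldap-corp", "sync.handlerName": "default"}),
    (ELM, {"idp.name": "ldap-partner", "sync.handlerName": "defualt"}),  # typo on purpose
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
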

Debug logging is important when we run into issues and need to understand or troubleshoot them. To enable it:

  1. Go to the Web Management Console.
  2. Find "Apache Sling Logging Logger Configuration" and create two loggers with the following options:

  Logger 1:
  • Log level: Debug
  • Log File: logs/ldap.log
  • Message Pattern: {0,date,dd.MM.yyyy HH:mm:ss.SSS} *{4}* [{2}] {3} {5}
  • Logger: org.apache.jackrabbit.oak.security.authentication.ldap

  Logger 2:
  • Log level: Debug
  • Log File: logs/external.log
  • Message Pattern: {0,date,dd.MM.yyyy HH:mm:ss.SSS} *{4}* [{2}] {3} {5}
  • Logger: org.apache.jackrabbit.oak.spi.security.authentication.external

Citations:
 https://docs.adobe.com/docs/en/aem/6-3/administer/security/ldap-config.html
http://jackrabbit.apache.org/oak/docs/security/authentication/usersync.html
http://jackrabbit.apache.org/oak/docs/security/authentication/externalloginmodule.html
https://seminars.adobeconnect.com/p7th7m234c7/?launcher=false&fcsContent=true&pbMode=normal










Wednesday, July 26, 2017

Tagging mechanism in AEM

Taxonomy Root Node:
Generally, all tags in the repository are stored under the taxonomy root node.
The taxonomy root node must be a node of type cq:Tag
In AEM the base path is /etc/tags and the root node is of type cq:Folder.

Tag Characteristics:
·       node type is cq:Tag
·       node name is a component of the TagID
·       the TagID always includes a namespace
·       optional jcr:title property (the Title to display in the UI)
·       optional jcr:description property
·       when containing child nodes, is referred to as a container tag
·       is stored in the repository below a base path called the taxonomy root node

The tagging structure in table format:

| TagID | Namespace | Local ID | Container tag(s) | Leaf tag | Repository absolute tag path |
|---|---|---|---|---|---|
| dam:fruit/apple/braeburn | dam | fruit/apple/braeburn | fruit, apple | braeburn | /etc/tags/dam/fruit/apple/braeburn |
| color/red | default | color/red | color | red | /etc/tags/default/color/red |
| sky | default | sky | (none) | sky | /etc/tags/default/sky |
| dam: | dam | (none) | (none) | (none, the namespace) | /etc/tags/dam |
| /etc/tags/category/car | category | car | car | car | /etc/tags/category/car |

Moving and Merging Tags(Important point to be understood):
·       When a tag A is moved or merged into tag B under /etc/tags:
·       tag A is not deleted and gets a cq:movedTo property.
·       tag B is created (in case of a move) and gets a cq:backlinks property.
·       cq:movedTo points to tag B.
This property means that tag A has been moved or merged into tag B. Moving tag B will update this property accordingly. Tag A is thus hidden and is only kept in the repository to resolve tag IDs in content nodes pointing to tag A. The tag garbage collector removes tags like tag A once no more content nodes point to them.
A special value for the cq:movedTo property is nirvana: it is applied when the tag is deleted but cannot be removed from the repository because there are subtags with a cq:movedTo that must be kept.
·       cq:backlinks keeps the references in the other direction, i.e. it keeps a list of all the tags that have been moved to or merged with tag B. This is mostly required to keep cq:movedTo properties up to date when tag B is moved/merged/deleted as well or when tag B is activated, in which case all its backlinks tags must be activated as well.
·       Reading a cq:tags property of a content node involves the following resolving:
1.    If there is no match under /etc/tags, no tag is returned.
2.     If the tag has a cq:movedTo property set, the referenced tag ID is followed. This step is repeated as long as the followed tag has a cq:movedTo property.
3.     If the followed tag does not have a cq:movedTo property, the tag is read.
·       To publish the change when a tag has been moved or merged, the cq:Tag node and all its backlinks must be replicated: this is automatically done when the tag is activated in the tag administration console.
·       Later updates to the page's cq:tags property automatically clean up the "old" references. This is triggered because resolving a moved tag through the API returns the destination tag, thus providing the destination tag ID
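The TagID table and the cq:movedTo resolving steps above can be modeled in a few lines. This is an added example, not AEM code: the repository is a constructed dict of path to properties, and treating nirvana as unresolvable and stopping on a cq:movedTo cycle are assumptions of this example.

```python
# Added example: a model of TagID resolution, not the AEM Tagging API.
TAG_ROOT = "/etc/tags"
DEFAULT_NS = "default"

def tag_path(tag_id):
    """Map a TagID (or an absolute tag path) to its absolute repository path."""
    if tag_id.startswith(TAG_ROOT + "/"):
        return tag_id
    namespace, sep, local = tag_id.partition(":")
    if not sep:                          # no namespace given: default namespace
        namespace, local = DEFAULT_NS, tag_id
    # An empty local ID ("dam:") addresses the namespace node itself.
    return "/".join(part for part in (TAG_ROOT, namespace, local) if part)

def resolve(tag_id, repo):
    """Follow cq:movedTo until a live tag is reached; None if nothing matches."""
    path, seen = tag_path(tag_id), set()
    while True:
        node = repo.get(path)
        if node is None or path in seen:  # step 1: no match (or a movedTo cycle)
            return None
        seen.add(path)
        target = node.get("cq:movedTo")
        if target is None:                # step 3: no cq:movedTo, the tag is read
            return path
        if target == "nirvana":           # deleted tag kept only for its subtags
            return None
        path = tag_path(target)           # step 2: follow the referenced tag

# Constructed repository content: color/red was moved twice, old was deleted.
REPO = {
    "/etc/tags/default/color/red": {"cq:movedTo": "/etc/tags/default/colour/red"},
    "/etc/tags/default/colour/red": {"cq:movedTo": "dam:palette/red"},
    "/etc/tags/dam/palette/red": {"cq:backlinks": ["/etc/tags/default/color/red",
                                                   "/etc/tags/default/colour/red"]},
    "/etc/tags/default/old": {"cq:movedTo": "nirvana"},
}

if __name__ == "__main__":
    for tag in ("color/red", "dam:palette/red", "sky", "old"):
        print(tag, "->", resolve(tag, REPO))
```
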

TAGGING API AND TAGGING FRAMEWORK:

The Tagging Framework implementation in AEM allows management of tags and tag content using the JCR API.
·       JcrTagManagerFactory - returns a JCR-based implementation of a TagManager. It is the reference implementation of the Tagging API.
           Ex: To retrieve a TagManager instance, you need to have a JCR Session and to call getTagManager(Session):
    @Reference
    JcrTagManagerFactory jcrTagManagerFactory;
    TagManager tagManager = jcrTagManagerFactory.getTagManager(session);

·       TagManager - allows for resolving and creating tags by paths and names.
           Ex: In the typical Sling context you can also adapt to a TagManager from the ResourceResolver:
    TagManager tagManager = resourceResolver.adaptTo(TagManager.class);

·       Tag - defines the tag object.
Retrieving a Tag Object
           Ex: A Tag can be retrieved through the TagManager, by either resolving an existing tag or creating a new one:
    Tag tag = tagManager.resolve("my/tag"); // for existing tags

    Tag tag = tagManager.createTag("my/tag"); // for new tags
For the JCR-based implementation, which maps Tags onto JCR Nodes, you can directly use Sling's adaptTo mechanism if you have the resource (e.g. such as /etc/tags/default/my/tag):
    Tag tag = resource.adaptTo(Tag.class);
While a tag may only be converted from a resource (not a node), a tag can be converted to both a node and a resource:
    Node node = tag.adaptTo(Node.class);
    Resource resource = tag.adaptTo(Resource.class);













Monday, July 17, 2017

Basic customization steps, that should be done, when setting up AEM freshly for any organisation.

By default, when we first install AEM and run it, it will take us to projects.html or Content.html in Author and Publish environments. We can customize this to different paths, depending on organizational needs.

We can observe this in the AEM content path and in ConfigMgr of the Felix console.
Under the content node's properties, there are two properties, sling:resourceType and sling:target, which decide where the request goes.

  • For the sling:target property, we can update the path it should go to. For example, if we have a content package like content/xyzmobile and want to redirect to that particular content, update sling:target with the respective content package, like /xyzmobile.

  • Following the step above, sling:resourceType with the value sling:redirect redirects to the value that was set in sling:target. Go to ConfigMgr of the Felix console, search for Day CQ Root Mapping, look for the target path and update it according to your requirements.

   For ClientLibs:
           ClientLibs in AEM can be managed through the Adobe Granite HTML Library
           Manager (previously called Day CQ HTML Library Manager) in
           the OSGi configurations. There we can define minification, packaging, library paths, etc.
           This has to be set according to organization-level requirements.


                                                                                          (More points are coming up..)














Citations:
https://docs.adobe.com/docs/en/aem/6-3/deploy/best-practices/best-practices-for-queries-and-indexing.html
https://docs.adobe.com/docs/en/aem/6-3/deploy/platform/queries-and-indexing.html

Tuesday, October 11, 2016

OSGI FRAMEWORK

OSGI and Apache Sling:
OSGI:

  • OSGi is a dynamic module system for Java that provides a framework within which small, reusable, standardized components are composed into an application and deployed.
  • Complete understanding of the OSGI design patterns can be seen here: http://www.computepatterns.com/osgi-design-patterns/ 

Apache Sling:

  • It is designed to expose the JCR  through an HTTP based REST API.
  • AEM's native functionality and functionality of any website built with AEM are delivered through this framework.
The OSGi module system allows building applications as a set of reloadable and strongly encapsulated services.
OSGi bundles run inside an OSGi container. This container manages relations among bundles, which are JAR files that contain extra metadata indicating which services they require and which they provide.

OSGI Specifications enable:
  • Modularization by use of a development model where applications are (dynamically) composed of many different(reusable) components.
  • Components to hide their implementations from other components while communicating through services, which are objects specifically shared between components. 
OSGI Services:

http://www.knopflerfish.org/osgi_service_tutorial.html 


                                                                                                      (To be Updated...)
Citations:

http://www.aemcq5tutorials.com/tutorials/aem-osgi-configuration-implementation/
SCR Annotations:
http://felix.apache.org/documentation/subprojects/apache-felix-maven-scr-plugin/scr-annotations.html

AEM interview questions that I can think of (we will keep on updating)


  1. What are the basic differences between Overlays and Sling Resource Merger?

  2. What are the two locations where we can find the foundation components starting from 6.0?
       libs/foundation/components: All components using JSP are available here.
       libs/wcm/foundation/components: All components developed using Sightly are here.

  3. How to add a design in AEM?

       Creating and assigning a design(er) in AEM allows us to create a consistent look and feel
       across the website and also to share the global content.
       Simple steps to create or add a design to a page are as follows:
           * Miscadmin
           * Tools -> Designs -> create a new page -> give a title and name and click Create.
           * Open the page -> Page Properties -> Advanced -> Design field and OK.

  4. Why do we need to include global.jsp if we are creating a component in JSP?
       The global.jsp script, which Adobe provides by default, declares the Sling, AEM and JSTL
       taglibs to make component creation easy in AEM.

  5. Where is dialog and design dialog data stored?
       Design dialog data is stored under the /etc/designs folder.
       Dialog data is stored under the /content folder.

  6. How do you analyze thread dumps?

       jstack can be used to get the thread dumps.
       Steps to generate the thread dumps are as follows:
       1. ps -ef | grep java <author (or) publish> lists the Java processes that are running
          on a server.
       2. jstack <PID> >> thread.txt appends a thread dump of that particular Java process to the
          thread.txt file; run it 10 times at an interval of 2 sec.
       3. Once you have the thread dumps, you can use any thread dump analyzer tool to find long-running threads.
          The Linux command is sudo -u user jstack <pid> >> threaddumps.log
          Some dump analysis tools, such as tda, can be used.

  7. The basic Servlet class that we need to extend when we are trying to create a new Servlet?   ----  SlingAllMethodsServlet

  8. In AEM, how will a servlet be identified? And how will it be defined?
       In the servlet:
       @Properties(value = {
           @Property(name = "sling.servlet.paths", value =
               {"/apps/geometrixx/components/content/common/billing/AlertServlet"}) })
     
  9. Question: Write an optimized version of the code below.

<div class="item">
<sly data-sly-test="${properties.jcr:title && properties.jcr:description}">
<h1>${properties.jcr:title}</h1>
<p>${properties.jcr:description}</p>
</sly>

</div>

Ans:

<div class="item" data-sly-test="${properties.jcr:title && properties.jcr:description}">
<h1>${properties.jcr:title}</h1>
<p>${properties.jcr:description}</p>

</div>

Question: Optimize the code below:
<%@include file="/libs/foundation/global.jsp"%>
<a href="<%= xssAPI.getValidHref(properties.get("link", "#")) %>" <%
String title = properties.get("jcr:title", "");
if (title.length() > 0) {
%>title="<%= xssAPI.encodeForHTMLAttr(title) %>"<%
} %>>
<%= xssAPI.encodeForHTML(properties.get("jcr:description", "")) %>
</a>

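Ans:

<a href="${properties.link || '#'}"
title="${properties.jcr:title}">
${properties.jcr:description}
</a>

HTL escapes each expression according to its context (href, attribute, text) and omits the title attribute when its value is empty, so the explicit xssAPI calls and the length check from the JSP version are not needed.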



Questions: Do you know what the primary type is that we use when setting up the configurations?


Ans: sling:OsgiConfig


Questions: Let's take a scenario where we have 5 pages, each with a different layout, and you are asked to advise the team on how many templates they have to configure. What would be your suggestion?

Ans: make the template multifunctional

Questions: Basic building blocks of the bundle?

   Ans: Components: Implementation of Events, Schedulers, Servlets, Models
        Services: Interface: Runnable, Servlet, EventHandling, JobConsumer




Questions: A CQ5 instance hosts multiple websites in different content branches. How is it possible to map a domain to a specific content branch to support multi-domain hosting scenarios?

Ans: These nodes have to be created in the default workspace of the repository via the CRX Content Explorer, required nodetypes in brackets:
/etc
   /map                       (sling:Folder)
      /http                   (sling:OrderedFolder)
         /www_geometrixx_fr   (sling:Mapping)
         /www.geometrixx.fr   (sling:Mapping)
         /www_geometrixx_de   (sling:Mapping)
         /www.geometrixx.de   (sling:Mapping)

Questions:  Should you use <cq:include> or <sling:include>?

Ans: When developing AEM components, Adobe recommends that you use <cq:include>.

<cq:include> allows you to directly include script files by their name when using the script attribute. This takes component and resource type inheritance into account, and is often simpler than strict adherence to Sling's script resolution using selectors and extensions.