I'm researching how to integrate or customize a login module so that it works with an external user system exposed as a RESTful API.
I saw the AuthenticationHandler interface, but it seems that it only extracts credentials from the user request, then builds and sends the AuthenticationInfo object to the CRX login module for authentication & authorization. I'm stuck at this point.
Does anyone know a solution for this in AEM 6.0?
Thanks, and I appreciate your help.
You probably want to create a custom ExternalIdentityProvider, rather than a custom AuthenticationHandler. Once you create and install your own identity provider bundle, AEM will consider it for all login requests. Essentially AEM will call the "authenticate" method on all registered identity providers (in order based on their JAAS ranking), and if any of the modules log in successfully, it considers that user authenticated. You also don't have to worry about creating the JCR user record, because the default sync handler will take care of that for you automatically.
All you need to do is create a new service class that implements ExternalIdentityProvider, and implement the getName and authenticate methods. As far as I can tell, the other methods aren't used in normal login scenarios. You will also need to configure the "Apache Jackrabbit Oak External Login Module" so it knows the name of your identity provider, along with the JAAS ranking.
More details about the External Login Module are available here: http://jackrabbit.apache.org/oak/docs/security/authentication/externalloginmodule.html
You can also find a working example of how to implement a custom external login module by looking at the oak-auth-ldap module on GitHub: https://github.com/apache/jackrabbit-oak
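A minimal sketch of the identity provider described in the answer above, added here as an illustration; it is not code from the thread or from the Oak project. The provider name `rest-idp`, the endpoint URL and its status-code behaviour (200 accepted, 401 rejected) are hypothetical, and the class still has to be registered as an OSGi service in your bundle.

```java
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.jcr.Credentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.login.LoginException;
import javax.xml.bind.DatatypeConverter;
import org.apache.jackrabbit.oak.spi.security.authentication.external.*;

public class RestIdentityProvider implements ExternalIdentityProvider {
    static final String NAME = "rest-idp"; // hypothetical; must match the name configured on the External Login Module
    static final String ENDPOINT = "https://idp.example.com/api/session"; // hypothetical endpoint, HTTPS only
    public String getName() { return NAME; }

    public ExternalUser authenticate(Credentials creds) throws ExternalIdentityException, LoginException {
        if (!(creds instanceof SimpleCredentials)) return null; // unsupported credential type: not ours
        SimpleCredentials sc = (SimpleCredentials) creds;
        if (sc.getUserID() == null || sc.getUserID().indexOf(':') >= 0) return null; // ambiguous in Basic auth
        byte[] pair = (sc.getUserID() + ":" + new String(sc.getPassword())).getBytes(StandardCharsets.UTF_8);
        try {
            HttpURLConnection c = (HttpURLConnection) new URL(ENDPOINT).openConnection();
            c.setConnectTimeout(5000); // a slow backend must not hang every AEM login
            c.setReadTimeout(5000);
            c.setRequestProperty("Authorization", "Basic " + DatatypeConverter.printBase64Binary(pair));
            int status = c.getResponseCode();
            if (status == 200) return new RestUser(sc.getUserID());
            if (status == 401) throw new LoginException("credentials rejected by " + NAME);
            throw new ExternalIdentityException("unexpected HTTP status " + status); // fail closed
        } catch (java.io.IOException e) {
            throw new ExternalIdentityException(e); // backend unreachable is an error, never a success
        }
    }

    public ExternalIdentity getIdentity(ExternalIdentityRef ref) { return null; } // lookups not supported here
    public ExternalUser getUser(String userId) { return null; }
    public ExternalGroup getGroup(String name) { return null; }
    public Iterator<ExternalUser> listUsers() { return Collections.<ExternalUser>emptyIterator(); }
    public Iterator<ExternalGroup> listGroups() { return Collections.<ExternalGroup>emptyIterator(); }

    static final class RestUser implements ExternalUser {
        private final String id;
        RestUser(String id) { this.id = id; }
        public ExternalIdentityRef getExternalId() { return new ExternalIdentityRef(id, NAME); }
        public String getId() { return id; }
        public String getPrincipalName() { return id; }
        public String getIntermediatePath() { return null; }
        public Iterable<ExternalIdentityRef> getDeclaredGroups() { return Collections.<ExternalIdentityRef>emptyList(); }
        public Map<String, ?> getProperties() { return Collections.<String, Object>emptyMap(); }
    }
}
```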