Identity Management identity-management

CAUTION
AEM 6.4 has reached the end of extended support and this documentation is no longer updated. For further details, see our technical support periods. Find the supported versions here.

Individual visitors to your website can only be identified when you provide the ability for them to log in. There are various reasons why you may want to provide a login capability:

  • AEM CommunitiesSite visitors are required to sign in to post content to the community.

  • Closed User Groups

    You may need to limit access to your website (or sections of it) to specific visitors.

  • Personalization Allowing visitors to configure certain aspects of how they access your website.

Log in (and out) functionality is provided by an account with a Profile, which holds additional information about the registered visitor (user). The actual processes for registration and authorization may differ:

  • Self-registration from the website

    A Community Site may be configured to allow visitors to self-register or sign-in with their Facebook or Twitter accounts.

  • Request for registration from the website

    For a closed user group you might allow visitors to request registration, but enforce authorization by means of a workflow.

  • Register each account from the author environment

    If you have a small number of profiles, which will need authorization anyway, you may decide to register each directly.

To allow visitors to register, a series of components and forms can be used to collect the required identification information, then the additional (often optional) profile information. After they have registered, they should also be able to check and update, the details that they have submitted.

Additional functionality can be configured or developed:

  • Configure any reverse replication that is required.
  • Allow a user to remove their profile, by developing a form together with a workflow.
NOTE
The information specified in the profile can also be used to provide the user with targeted content via Segments and Campaigns.

Registration Forms registration-forms

A form can be used to collect the registration information, then generate the new account and profile.

For example, users can request a new profile, using the Geometrixx page
http://localhost:4502/content/geometrixx-outdoors/en/user/register.html

registerform

Upon submitting the request, the profile page opens where the user can provide personal details.

profilepage

The new account is also visible in the Users console.

Login login

The login component can be used to collect the login information, then activate the login process.

This provides the visitor with the standard fields of Username and Password, with a Login button to activate the login process when the credentials are entered.

For example, users can either log in, or create a new account, using the Sign In option on the Geometrixx toolbar, which uses the page:

http://localhost:4502/content/geometrixx-outdoors/en/user/sign-in.html

login

Logging Out logging-out

As there is a login mechanism, a logout mechanism is also required. This is available as the Sign Out option in Geometrixx.

Viewing and Updating a Profile viewing-and-updating-a-profile

Depending on your registration form the visitor may have registered information in their profile. They should be able to view and/or update this at a later stage. This can be done with a similar form; for example, in Geometrixx:

http://localhost:4502/content/geometrixx-outdoors/en/user/profile.html

To see the details of your profile click on My Profile in the top right corner of any page; for example with the admin account:
http://localhost:4502/home/users/a/admin/profile.form.html/content/geometrixx-outdoors/en/user/profile.html.

You can view another profile using the client context (on the author environment and with sufficient privileges):

  1. Open a page; for example the Geometrixx page:

    http://localhost:4502/cf#/content/geometrixx/en.html

  2. Click My Profile in the top right corner. You will see the profile of your current account; for example the administrator.

  3. Press control-alt-C to open the client context.

  4. In top left corner of the client context, click the Load a Profile button.

  5. Select another profile from the drop down list in the dialog window; for example, Alison Parker.

  6. Click OK.

  7. Click again on My Profile. The form will be updated with Alison’s details.

    profilealison

  8. You can now use Edit Profile or Change Password to update the details.

Adding Fields to the Profile Definition adding-fields-to-the-profile-definition

You can add fields to the profile definition. For example to add a “Favorite Color” field to the Geometrixx profile:

  1. From the Websites console navigate to Geometrixx Outdoors Site > English > User >My Profile.

  2. Double-click on the My Profile page to open it for editing.

  3. In the Components tab of sidekick expand the Form section.

  4. Drag a Dropdown List from sidekick to the form, just below the About me field.

  5. Double-click the Dropdown List component to open the dialog for configuration and enter:

    • Element Name - favoriteColor
    • Title - Favorite Color
    • Items - Add several colors as items

    Click OK to save.

  6. Close the page and return to the Websites console and activate the My Profile page.

    Next time you view a profile you can select a favorite color:

    aparkerfavcolour

    The field will be saved under the profile section of the relevant user account:

    aparkercrxdelite

Profile States profile-states

There are a number of use cases that require knowing whether a user (or rather their profile) is in a specific state or not.

This involves defining an appropriate property in the user profile in a way that:

  • is visible and accessible to the user
  • defines two states for each property
  • allows toggling between the two states defined

This is done with:

  • State Providers

    To manage the two states of a specific property and the transitions between the two.

  • Workflows

    To manage actions related to the states.

Multiple states can be defined; for example in Geometrixx these include:

  • subscribing (or unsubscribing) to notifications on newsletters or comment threads
  • adding and removing a connection to a friend

State Providers state-providers

A state provider manages the current state of the property in question, together with the transitions between the two possible states.

State providers are implemented as components, so can be customized for your project. In Geometrixx these include:

  • Un-/Subscribe Forum Topic
  • Add/Remove Friend

Workflows workflows

State providers manage a profile property and its states.

A workflow is needed to implement the actions related to the states. For example, when subscribing for notifications, the workflow will handle the actual subscription action; when unsubscribing from notifications, the workflow will handle removing the user from the subscription list.

Profiles and User Accounts profiles-and-user-accounts

Profiles are stored in the Content Repository as part of the user account.

The profile can be found under /home/users/geometrixx:

chlimage_1-385

On a standard installation (author or publish) everyone has read access to the entire profile information of all users. everyone is a “Built-in group automatically containing all existing users and groups. The list of members cannot be edited”.

These access rights are defined by the following wildcard ACL:

/home everyone allow jcr:read rep:glob = */profile*

That allows:

  • forum, comments or blog posts to display information (such as icon or full name) from the appropriate profile
  • links to geometrixx profile pages

If such access is not appropriate for your installation you can change these default settings.

This can be done using the Access Control tab:

aclmanager

Profile Components profile-components

A range of profile components are also available for defining the profile requirements for your site.

Checked Password Field checked-password-field

This component gives you two fields for:

  • the input of a password
  • a check to confirm that the password has been input correctly.

With default settings the component will appear as follows:

dc_profiles_checkedpassword

Profile Avatar Photo profile-avatar-photo

This component provides the user with a mechanism for selecting and uploading an Avatar Photo file.

dc_profiles_avatarphoto

Profile Detailed Name profile-detailed-name

This component allows the user to input a detailed name.

dc_profiles_detailedname

Profile Gender profile-gender

This component allows the user to input their gender.

dc_profiles_gender

recommendation-more-help
5ce3024a-cbea-458b-8b2f-f9b8dda516e8