- AEMaaCS Home
- Overview
- Release Notes
- Release Information
- AEMaaCS Feature Release Notes
- AEMaaCS Maintenance Release Notes
- Current Maintenance Release Notes
- 2023
- Maintenance Release Notes for 2023.11.0
- Maintenance Release Notes for 2023.10.0
- Maintenance Release Notes for 2023.9.0
- Maintenance Release Notes for 2023.8.0
- Maintenance Release Notes for 2023.7.0
- Maintenance Release Notes for 2023.6.0
- Maintenance Release Notes for 2023.4.0
- Maintenance Release Notes for 2023.2.0
- Maintenance Release Notes for 2023.1.0
- Release Notes for Cloud Manager
- Current Release Notes
- 2023
- 2022
- Release Notes for 2022.12.0
- Release Notes for 2022.11.0
- Release Notes for 2022.10.0
- Release Notes for 2022.9.0
- Release Notes for 2022.8.0
- Release Notes for 2022.7.0
- Release Notes for 2022.6.0
- Release Notes for 2022.5.0
- Release Notes for 2022.4.0
- Release Notes for 2022.3.0
- Release Notes for 2022.2.0
- Release Notes for 2022.1.0
- 2021
- Release Notes for 2021.12.0
- Release Notes for 2021.11.0
- Release Notes for 2021.10.0
- Release Notes for 2021.9.0
- Release Notes for 2021.8.0
- Release Notes for 2021.7.0
- Release Notes for 2021.6.0
- Release Notes for 2021.5.0
- Release Notes for 2021.4.0
- Release Notes for 2021.3.0
- Release Notes for 2021.2.0
- Release Notes for 2021.1.0
- 2020
- Release Notes for Migration Tools
- Release Notes for Workfront for Experience Manager enhanced connector
- What is New?
- Notable Changes in AEM Cloud Service
- Deprecated and Removed Features
- Deprecated APIs
- Prerelease Channel
- Security
- Security for AEM as a Cloud Service
- Configuring Advanced Networking for AEM as a Cloud Service
- Security Overview for AEM as a Cloud Service
- IMS Support for AEM as a Cloud Service
- Same Site Cookie Support for AEM as a Cloud Service
- OAuth2 Support for the mail Service
- Traffic Filter Rules including WAF Rules
- Onboarding
- AEM as a Cloud Service Migration Journey
- Getting Started with moving AEM as a Cloud Service
- Readiness Phase
- Implementation Phase
- Go Live
- Post Go Live
- Migration Guide to Experience Manager as a Cloud Service for Partners
- Cloud Acceleration Manager
- Cloud Transition Tools
- Best Practices Analyzer
- Content Transformer
- Content Transfer Tool
- Overview
- Prerequisites for Content Transfer Tool
- Guidelines and Best Practices for Using Content Transfer Tool
- Getting Started with Content Transfer Tool
- Validating Content Transfers
- Handling Large Content Repositories
- User Mapping and Principal Migration
- Extracting Content from Source
- Ingesting Content into Cloud Service
- Indexing after Migrating Content
- Viewing Logs for a Migration Set
- Deleting a Migration Set
- Running the Content Transfer Tool on a Publish Instance
- Troubleshooting Content Transfer Tool
- Code Refactoring Tools
- Sites
- AEM Sites as a Cloud Service
- Notable Changes to AEM Sites in AEM Cloud Service
- Authoring
- Getting Started
- Headless Content Author Journey
- Authoring Fundamentals
- Environment and Tools
- Adding Page Annotations
- Creating a New Site
- Creating and Organizing Pages
- Editing Page Content
- The Rich Text Editor
- Page Properties
- Previewing Content
- Publishing Pages
- Content Fragments
- Experience Fragments
- Export to CSV
- Components
- Authoring for Mobile Devices
- Creating Accessible Content (WCAG 2.1 Conformance)
- Troubleshooting
- Keyboard Shortcuts
- Authoring Features
- Projects
- Launches
- Workflows
- Personalization
- Personalization Overview
- Previewing Pages Using ContextHub Data
- Authoring Targeted Content Using Targeting Mode
- Working with Targeted Content in Multisites
- How Multisite Management for Targeted Content is Structured
- Managing Activities
- Managing Audiences
- Creating and Managing Offers (Offers Console)
- Understanding Segmentation
- Configuring Segmentation with ContextHub
- Registration, Login, and User Profile
- Administering
- Content Fragments
- Site Creation
- Reusing Content
- MSM and Translation
- Multi Site Manager
- Translation
- Sites Translation Journey
- Headless Translation Journey
- Translating Content for Multilingual Sites
- Preparing Content for Translation
- Managing Translation Projects
- Language Copy Wizard
- Identifying Content to Translate
- Configuring the Translation Integration Framework
- Connecting to Microsoft Translator
- Translation Best Practices
- Administering Tags
- Administering Workflows
- Integrating with AEM as a Cloud Service
- Integrating with Adobe Analytics
- Integrating with Adobe Analytics Automated Setup
- IMS Configuration for use when Integrating with Adobe Analytics
- Integrating with Adobe Learning Manager
- Integrating with Adobe Target
- IMS Configuration for use when Integrating with Adobe Target
- Exporting Content Fragments to Adobe Target
- Exporting Experience Fragments to Adobe Target
- Integrating with Adobe Campaign
- Assets
- Assets as a Cloud Service
- Overview and what’s new
- Notable Changes to Assets as a Cloud Service
- Assets architecture
- Supported file formats
- Overview of asset microservices
- Accessibility in Assets
- Manage digital assets
- Micro-Frontend Asset Selector
- Micro-Frontend Destination Selector
- Share assets
- Get started using asset microservices
- Add and upload assets
- Search assets
- Common asset management tasks
- Manage publication
- Preview 3D assets
- Smart tags for images
- Smart tag your video assets
- How to organize assets
- Use Adobe Stock assets
- Manage collections
- Metadata overview
- Integrate with Adobe Creative Cloud
- How to add or edit metadata
- Review folder assets and collections
- Use and configure Assets Insights
- Metadata profiles
- Metadata schema
- Manage video assets
- Reuse assets using MSM
- Download assets
- Check-in and check-out assets to edit
- Create and share private folders
- Digital Rights Management for assets
- Watermark assets
- Process assets using Creative Cloud APIs
- Color tags for images
- Manage PDF documents
- Configure, administer, and extend Assets
- Detect duplicate assets
- Developer docs and APIs references
- Folder metadata schema
- Work with image and video profiles
- Configure transcription for audio and video assets
- Translate assets
- Search facets
- Assets HTTP API
- Content Fragments support in Assets HTTP API
- Connected Assets
- Generate For Placement Only renditions
- Asset reports
- Cascading metadata
- XMP metadata
- MediaLibrary capabilities
- Import and export asset metadata
- Configure asset upload restrictions
- Share and distribute assets
- Content Fragments
- Working with Content Fragments
- Headless Delivery with Content Fragments and GraphQL
- Enable Content Fragment Functionality for your Instance
- Content Fragment Models
- Managing Content Fragments
- Variations - Authoring Fragment Content
- Content Fragment Associated Content
- Metadata - Fragment Properties
- Content Fragments - Delete Considerations
- Markdown
- Structure Tree
- Preview - JSON Representation
- Reuse Content Fragments using MSM for Assets
- Dynamic Media
- Dynamic Media Journey: The Basics
- Dynamic Media newsletter archive by Experience League
- Set up Dynamic Media
- Work with Dynamic Media
- Configure Dynamic Media
- Optional - Configure Dynamic Media, General Settings
- Optional - Configure Dynamic Media, Publish Setup
- Troubleshoot Dynamic Media
- Configure a Dynamic Media Alias Account
- Accessibility in Dynamic Media
- Manage Dynamic Media assets
- Best practices for optimizing the quality of your images
- Image Profiles
- Video Profiles
- Manage Dynamic Media Image Presets
- Apply Dynamic Media Image Presets
- Manage Dynamic Media Viewer Presets
- Apply Dynamic Media Viewer Presets
- Batch Set Presets
- Invalidate the CDN cache by way of Dynamic Media
- Invalidate the CDN cache by way of Dynamic Media Classic
- Smart Imaging
- Smart Imaging with client-side Device Pixel Ratio
- Deliver Dynamic Media assets
- Activate hotlink protection in Dynamic Media
- 3D Support
- Dynamic Media limitations
- Image Sets
- Panoramic Images
- Mixed Media Sets
- Spin Sets
- Video in Dynamic Media
- Carousel Banners
- Interactive Images
- Interactive Videos
- 360 VR Video
- Integrate Dynamic Media Viewers with Adobe Analytics and Adobe Experience Platform Tags
- Create custom pop-ups using Quickview
- Deliver optimized images for a responsive site
- Preview Dynamic Media assets
- Add Dynamic Media assets to pages
- Embed the Dynamic Video or Image viewer on a web page
- Link URLs to your web application
- Use Rulesets to transform URLs
- Publish Dynamic Media assets
- Work with Selective Publish in Dynamic Media
- Work with Selectors
- HTTP2 Delivery of Content FAQ
- Flash Viewers End-of-Life
- DHTML Viewers End-of-Life
- Working with Assets view
- Introduction
- Getting started
- My Workspace
- Supported file types and use cases
- View assets
- Upload and add assets
- Bulk import assets
- Search and discover assets
- Asset management tasks
- Edit images
- Manage asset metadata
- Share assets
- Manage collections
- Watch asset, folders, and collections
- Manage reports
- Manage tags
- Best practices
- Integration with Adobe Workfront
- Integration with Adobe Express
- Integration with Creative Cloud
- Forms
- Overview
- Setup and migrate
- Onboard to Cloud Service environment
- Setup a local development environment
- Enable Adaptive Forms Core Components on AEM Forms as a Cloud Service and local development environment
- Configure Unified Storage Connector
- Migrate from AEM 6.5 Forms or earlier to AEM Forms as a Cloud Service
- Groups and permissions
- Import, export, and organize Adaptive Forms, PDF forms, and other assets
- Integrate
- Services
- Integrate AEM Forms as a Cloud Service with Adobe Sign
- Integrate AEM Forms as a Cloud Service with DocuSign
- Integrate Adaptive Forms to Adobe Analytics
- Viewing and understanding Adaptive Forms Analytics Report
- Embed an Adaptive Forms in an AEM Sites page
- Embed adaptive form based on Core Components to an external web page
- Embed adaptive form based on Foundation Components to an external web page
- Form Data Model
- Connect AEM Forms to database or data source
- Configure data sources
- Configure Microsoft Dynamics OData
- Connect Adaptive Form to Salesforce application using OAuth 2.0 client credential flow
- Configure Azure storage
- Configure Microsoft Dynamics 365 and Salesforce cloud services
- Create Form Data Model
- Work with Form Data Model
- Use Form Data Model
- Services
- Adaptive Forms
- Create an Adaptive Form fragment
- Add an Adaptive Form to an AEM Sites page or Experience Fragment
- Core Components
- Create an Adaptive Form
- Create an Adaptive Form
- Create an Adaptive Form fragment
- Create themes for an Adaptive Form - Core Components
- Create an Adaptive Form template based on Core Components
- Generate Document of Record for Adaptive Forms
- Use machine translation or human translation to translate an Adaptive Form
- Configuring redirect page or thank you message
- Create forms with repeatable sections
- Configure Submit Action for an Adaptive Form
- Use Google reCAPTCHA in an Adaptive Form
- Add custom error handler in an Adaptive Form
- Add a locale for Adaptive Forms based on Core Components
- Create an Adaptive Form
- Foundation Components
- Convert your PDF forms to Adaptive Forms
- Create an Adaptive Form
- Add components to an Adaptive Form
- Configure layout and apply style to an Adaptive Form
- Add rules and use expressions in an Adaptive Form
- Use Adobe Sign
- Configure Submit Actions and metadata submission
- Prefill Adaptive Form fields
- Generate Document of Record
- Add support for new locales to an adaptive form
- Add or improve metadata
- Improve accessibility of an Adaptive Form
- Configure Forms Portal
- Create and manage reviews
- Forms Centric Workflows
- Communications APIs
- Developer API Reference
- Troubleshooting
- Screens
- AEM Screens as a Cloud Service
- Overview to Screens as a Cloud Service
- Onboarding to Screens as a Cloud Service
- Configuring Screens as a Cloud Service Project
- Creating Content
- Managing Player and Registration
- Using Core Product Features
- Developing in Screens as a Cloud Service
- Screens as a Cloud Service FAQs
- Content and Commerce
- Edge Delivery Services
- Headless
- What is a Headless CMS?
- Introduction to AEM Headless
- Developer Portal (Additional Resources)
- Best Practices - Setup and Use
- Setup
- Content Fragments
- GraphQL API
- Content Fragments REST API
- Security
- Deployment
- Headless Journeys
- Headless Developer Journey
- Understand Headless in AEM
- Learn about CMS Headless Development
- Getting Started with AEM Headless as a Cloud Service
- Path to your first experience using AEM Headless
- How to model your content as AEM Content Models
- How to access your content via AEM delivery APIs
- How to update your content via AEM Assets APIs
- How to put it all together
- How to go live with your headless application
- Optional - How to create single page applications with AEM
- Developer Portal (Additional Resources)
- Headless Content Architect Journey
- Headless Translation Journey
- Headless Content Author Journey
- Headless Developer Journey
- Implementing
- Implementing Applications for AEM as a Cloud Service
- Using Cloud Manager
- Programs
- Creating an AEM Application Project
- Managing Environments
- Managing your Code
- Environment Variables
- Cloud Manager CI-CD Pipelines
- Deploying Your Code
- Understanding your Test Results
- Accessing and Managing Logs
- Custom Permissions
- SLA Reporting
- New Relic One
- Notifications
- SSL Certificates
- Custom Domain Names
- IP Allow Lists
- License Dashboard
- Understanding Cloud Service Content Requests
- Cloud Manager FAQs
- Developing for AEM as a Cloud Service
- AEM Project Structure
- AEM Project Repository Structure Package
- AEM as a Cloud Service SDK
- AEM Rapid Development Environments
- AEM as a Cloud Service Development Guidelines
- Logging
- Configurations and the Configuration Browser
- AEM Technical Foundations
- API Reference Materials
- Generating Access Tokens for Server Side APIs
- Quick Site Creation and Front-End Customization
- Developing Sites with the Front-End Pipeline
- Customizing Site Templates and Themes
- Headful and Headless in AEM
- Full Stack AEM Development
- Getting Started Developing AEM Sites - WKND Tutorial
- Structure of the AEM UI
- Sling Cheatsheet
- Using Sling Adapters
- Using the Sling Resource Merger in AEM as a Cloud Service
- Overlays in AEM as a Cloud Service
- Using Client-Side Libraries
- Page Diff
- Editor Limitations
- Naming Conventions
- Components and Templates
- AEM Tagging Framework
- Building Tagging into AEM Applications
- Search
- Custom Error Pages
- AEM Node Types
- Headless Experience Management
- Hybrid and SPA Development
- Hybrid and SPA with AEM
- Enabling JSON Export for a Component
- SPA Introduction and Walkthrough
- SPA WKND Tutorial
- Getting Started using React
- Getting Started using Angular
- SPA Deep Dives
- Developing SPAs for AEM
- SPA Editor Overview
- SPA Blueprint
- SPA Page Component
- Dynamic Model to Component Mapping
- Model Routing
- The RemotePage Component
- Editing an External SPA within AEM
- Composite Components in SPAs
- Server Side Rendering
- Enabling JSON Export for a Component
- Launch Integration
- SPA Reference Documents
- Developer Tools
- Personalization
- Configuring and Extending AEM as a Cloud Service
- Extending AEM with App Builder
- Extending Experience Fragments
- Customizing and Extending Content Fragments
- Content Fragments Configuring Components for Rendering
- Customizing the Content Fragment Console
- Customizing the Content Fragment Console and Editor
- Manage Search Forms
- Configure Rich Text Editor
- Configure the RTE plug-ins
- Configure RTE to create accessible sites
- Extending Page Authoring
- Extending Consoles
- Extending Page Properties
- Extending the Bulk Editor
- Extending MSM
- Deploying to AEM as a Cloud Service
- Author Tier
- Preview Tier
- Content Delivery Overview
- Connectors
- Operations
- Operations and Maintenance on AEM as a Cloud Service
- Actions Center
- Content Search and indexing
- Content Replication Service
- Additional Publish Regions
- Infrastructure and Service Monitoring in AEM as a Cloud Service
- Maintenance Tasks
- Backup and Restore
- Self-Service Restore
- Asynchronous Jobs
- Removal of the generic lucene index
- Query and Indexing Best Practices
- Compliance
- Universal Editor
Registration, Login, and User Profile
Introduction
Web applications often provide account management features for end users to register on a website, which persists their user data information, allowing them to login in the future and enjoy a consistent experience. This article describes the following concepts for AEM as a Cloud Service:
- Registration
- Login
- Storing user profile data
- Group membership
- Data Synchronization
In order for the functionality described in this article to work, the User Data Synchronization feature must be enabled, which at this time requires a request to customer support indicating the appropriate program and environments. If not enabled, user information is persisted for just a short period (1 to 24 hours) before disappearing.
Registration
When an end-user registers for an account on an AEM application, a user account is created on the AEM Publish service, as reflected on a user resource under /home/users in the JCR repository.
There are two approaches to implementing registration, as described below.
AEM Managed
Custom registration code can be written that takes, minimally, the user’s username and password, and creates a user record in AEM which can then be used to authenticate against during login. The following steps are typically used to construct this registration mechanism:
- Display a custom AEM component that collects registration info
- Upon submission, a properly provisioned service user is used to
- Verify that an existing user does not already exist, using one of the UserManager API’s
findAuthorizables()methods - Create a user record using one of the UserManager API’s
createUser()methods - Persist any profile data captured using the Authorizable interface’s
setProperty()methods
- Verify that an existing user does not already exist, using one of the UserManager API’s
- Optional flows, such as requiring the user to validate their email.
External
In some cases, registration or user creation has previously happened in infrastructure outside of AEM. In that scenario, the user record is created in AEM during login.
Login
Once an end-user is registered on the AEM Publish service, these users can log in to have authenticated access (using AEM authorization mechanisms) and persisted, user-specific data such as profile data.
Implementation
Login can be implemented with the following two approaches:
AEM Managed
Customers can write their own custom components. To learn more, consider becoming familiar with:
- The Sling Authentication Framework
- And consider asking the AEM Community Experts session about login.
Integration with an Identity Provider
Customers can integrate with an IdP (identity provider), which authenticates the user. Integration technologies include SAML and OAuth/SSO, as described below.
SAML BASED
Customers can use SAML-based authentication via their preferred SAML IdP. When using an IdP with AEM, the IdP is responsible for authenticating the user’s credentials and brokering the user’s authentication with AEM, creating the user record in AEM as needed, and managing the user’s group membership in AEM, as described by the SAML assertion.
Only the initial authentication of the user’s credentials are authenticated by the IdP, and subsequent requests to AEM are performed using an AEM login token cookie, as long as the cookie is available.
See documentation for more information about the SAML 2.0 Authentication Handler.
OAuth/SSO
See the Single Sign On (SSO) documentation for information about using AEM’s SSO Authentication Handler Service.
The com.adobe.granite.auth.oauth.provider interface can be implemented with the OAuth provider of your choice.
Sticky sessions and Encapsulated Tokens
AEM as a Cloud Service has cookie-based sticky sessions enabled, which ensures that an end-user is routed to the same publish node on each request. To increase performance, the encapsulated token feature is enabled by default so the user record in the repository does not need to be referenced on each request. If the publish node which an end-user has an affinity to is replaced, their user id record is available on the new publish node, as described in the data synchronization section below.
User Profile
There are various approaches to persisting data, depending on the nature of that data.
AEM Repository
User profile information can be written and read in two ways:
- Server-side use with the
com.adobe.granite.security.userInterface UserPropertiesManager interface, which will place data under the user’s node in/home/users. Make sure that pages that are unique per user are not cached. - Client-side using ContextHub, as described by the documentation.
Third-party data stores
End-user data can be sent to third-party vendors such as CRMs and retrieved via APIs upon the user’s login to AEM and persisted (or refreshed) on the AEM user’s profile node, and used by AEM as needed.
Real-time access to third-party services to retrieve profile attributes is possible, however, it is important to ensure this does not materially impact request processing in AEM.
Permissions (Closed User Groups)
Publish-tier access policies, also called Closed User Groups (CUGs), are defined in the AEM author as described here. To restrict certain sections or pages of a website from some users, apply the CUGs as needed using the AEM author, as described here, and replicate them to the publish tier.
- If users log in by authenticating with an identity provider (IdP) using SAML, the authentication handler will identify the user’s group memberships (which should match the CUGs on the publish tier), and persist the association between the user and the group through a repository record
- If login is accomplished without IdP integration, custom code can apply the same repository structure relationships.
Independent of login, custom code can also persist and manage a user’s group memberships as required by an organization’s unique requirements.
Data Synchronization
Website end users have an expectation of a consistent experience on every web page request or even when they log in using a different browser, even if unbeknownst to them, they are brought to different server nodes of the publish tier infrastructure. AEM as a Cloud Service accomplishes this by quickly synchronizing the /home folder hierarchy (user profile information, group membership, etc) across all the nodes of the publish tier.
Unlike other AEM solutions, user and group membership synchronization in AEM as a Cloud Service does not use a point-to-point messaging approach, instead implementing a publish-subscribe approach that does not require customer configuration.
By default, user profile and group membership synchronization are not enabled and so data will not be synchronized to or even permanently persisted on the publish tier. To enable the feature, send a request to Customer Support indicating the appropriate program and environments.
Cache Considerations
Authenticated HTTP requests can be difficult to cache on both the CDN and Dispatcher since they carry the possibility of user-specific state being transferred as part of the request’s response. Inadvertently caching authenticated requests and serving them to other requesting browsers can result in incorrect experiences, or even leaking protected or user data.
Approaches for maintaining high cache-ability of requests while supporting user-specific responses include:
- AEM Dispatcher Permissions sensitive caching
- Sling Dynamic Include
- AEM ContextHub
Resources
Adobe Account
