Creating a Closed User Group :headding-anchor:creating-a-closed-user-group
Closed User Groups (CUGs) are used to limit access to specific pages that reside within a published internet site. Such pages require the assigned members to login and provide security credentials.
To configure such an area within your website you:
-
apply this group to the required pages and select (or create) the login page for use by the members of the CUG; also specified when applying a CUG to a content page.
-
create a link, of some form, to at least one page within the protected area, otherwise it will not be visible.
-
configure the Dispatcher if in use.
Creating The User Group To Be Used :headding-anchor:creating-the-user-group-to-be-used
To create a closed user group:
-
Go to Tools - Security from the AEM homescreen.
note note NOTE See Managing Users and Groups for full information on creating and configuring users and groups. -
Select the Groups card from the next screen.
-
Press the Create button in the top right corner, to create a group.
-
Name your new group; for example,
cug_access
. -
Go to the Members tab and assign the required users to this group.
-
Activate any users that you have assigned to your CUG; in this case, all members of
cug_access
. -
Activate the closed user group so that it is available in the publish environment; in this example,
cug_access
.
Applying Your Closed User Group To Content Pages :headding-anchor:applying-your-closed-user-group-to-content-pages
To apply the CUG to a page, or pages:
-
Navigate to the root page of the restricted section you want to assign to your CUG.
-
Select the page by clicking on its thumbnail and then selecting Properties in the top toolbar.
-
In the following window, open the Advanced tab.
-
Scroll down to the Authentication Requirement section.
-
Activate the Enable tickbox.
-
Add the path to your Login Page.
This is optional, if left blank the standard login page is used.
-
-
Next, go to the Permissions tab and select Edit Closed User Group.
note note NOTE CUGs in the Permissions tab cannot be rolled out to Live Copies from Blueprints. Plan around this when configuring Live Copy. For more information, see Closed User Groups in AEM - Livecopy. -
The Edit Closed User Group dialog opens. Here you can search for, and select, your CUG, then confirm the group selection with Save.
The group will be added to the list; for example, the group cug_access.
-
Confirm the changes with Save & Close.
Linking To The CUG Pages :headding-anchor:linking-to-the-cug-pages
Since the target of any links to the CUG pages are not visible to the anonymous user, the linkchecker will remove such links.
To avoid this, it is advisable to create non-protected redirect pages that point to pages within the CUG area. The navigation entries are then rendered without causing the linkchecker any problems. Only when actually accessing the redirect page will the user be redirected inside the CUG area - after successfully providing their login credentials.
Configure Dispatcher for CUGs :headding-anchor:configure-dispatcher-for-cugs
If you are using Dispatcher, you need to define a Dispatcher farm with the following properties:
- virtualhosts: Matches the path to the pages that the CUG applies to.
- \sessionmanagement: see below.
- cache: A cache directory that is dedicated to the files that the CUG applies to.
Configuring Dispatcher Session Management for CUGs :headding-anchor:configuring-dispatcher-session-management-for-cugs
Configure session management in the dispatcher.any file for the CUG. The authentication handler that is used when access is requested for CUG pages determines how you configure session management.
/sessionmanagement
...
/header "Cookie:login-token"
...
that handles the non-CUG pages.
-
Configure /sessionmanagement by defining
/directory
; for example:code language-xml /sessionmanagement { /directory "/usr/local/apache/.sessions" ... }
-
Set /allowAuthorized to
0
.