Service Authentication

Possible issues

If you are using Adobe Experience Manager 6.3 or higher with version 3.2.0 or higher of the Connector, the following problems may occur:

  • You cannot save all Connector configurations.

  • Translated content does not return to Adobe Experience Manager.

  • You cannot perform most Globalization Tool functionality with the default settings.

Explanation

These problems occur because in Adobe Experience Manager 6.3 and higher, Adobe has deprecated support for administrative login methods for services.

In response, the starting with version 3.2.0, Connector adds a new system user, claytablet-service, which the claytablet bundle uses for operations.

The Connector adds the following new configurations to CRXDE Lite, which are described in detail below:

  • /apps/ctctranslation/config/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-claytablet

  • /apps/ctctranslation/config/com.day.cq.security.ACLSetup

  • /home/users/system/claytablet-service

Note: Under normal circumstances, you should not need to edit any of these configurations.

Detailed explanations
/apps/ctctranslation/config/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-claytablet.xml

This is an OSGi configuration that adds a mapping between the claytablet bundle and the claytablet-service system user for the Connector.

To locate this configuration in the system console:
  1. In your Web browser, navigate to /system/console/configMgr.

  2. In the Adobe Experience Manager Web Console Configuration page, search for Service Amendment.

  1. Next, search for claytablet.

  1. Double-click this entry to view the value in the Service Mappings field:

/apps/ctctranslation/config/com.day.cq.security.ACLSetup.xml

This OSGi configuration grants the all permission to the claytablet-service system user for /. This system user has all permissions on every path in the repository.

Note: This is the same as loginAdminstrative() in pre-3.2.0 versions of the Connector.

To locate this configuration in the system console:
  1. In your Web browser, navigate to /system/console/configMgr.

In the Adobe Experience Manager Web Console Configuration page, search for Day CQ ACL.

  1. Click this entry to view the details.

/home/users/system/claytablet-service

The new claytablet-service system user has permission to everything, because of the ACLSetup. If necessary, you can modify the permission settings. However, the Connector requires full permission to the following directories:

  • /content
  • /apps
  • /etc
  • /var
To locate the claytablet-service system user and view its permissions:
  1. In your Web browser, navigate to /useradmin.

  2. In the AEM Security page, locate the claytablet-service user in the left pane.

Tip: To simplify the permission settings for the claytable-service user, you can add claytable-service to the Adobe Experience Manager administrators user group. The reason this works is that before the API changes in Adobe Experience Manager 6.3, the Connector used the administrator permission of an admin session from Adobe Experience Manager API to perform all the actions.

For more information, refer to: https://cwiki.apache.org/confluence/display/SLING/Service+Authentication.