Stateless Authentication with the Encapsulated Token in AEM

1. The solution for horizontal scalability is stateless authentication with the use of the new Encapsulated Token support in AEM.
2. The Encapsulated Token is a cryptographic construct that makes it possible to securely create and validate authentication information offline, without accessing the repository. An authentication request can therefore be served by any publish instance, with no need for sticky connections. It also improves authentication performance, since the repository does not need to be accessed for every authentication request.
3. You can see how this works in a geographically distributed deployment with MongoMK authors and TarMK publish instances below:
[Figure: geographically distributed deployment with MongoMK author instances and TarMK publish instances]

Note:
Please note that the Encapsulated Token is about authentication only. It ensures that the cookie can be validated without having to access the repository. However, the user must still exist on all the instances, and the information stored under that user must be accessible from every instance.
For example, if a user is created on publish instance number one, the way the Encapsulated Token works means that the user's token will validate successfully on publish instance number two. If the user does not exist on the second publish instance, however, the request will still not succeed.
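As an added illustration (not AEM's implementation and not code from the original post), the following Python model separates the two steps the note distinguishes: an HMAC-signed token that any instance holding the shared key can validate offline, and the per-instance user lookup that still has to succeed. The key, user sets and timestamps are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
# Constructed placeholder: every instance must hold the same key for offline validation.
SHARED_KEY = b"constructed-shared-key-placeholder"

def create_token(user_id, issued_at, ttl, key=SHARED_KEY):
    """Encapsulate the claims and sign them; no repository access is needed."""
    claims = {"uid": user_id, "iat": issued_at, "exp": issued_at + ttl}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload).decode() + "." + base64.urlsafe_b64encode(sig).decode()

def validate_token(token, now, key=SHARED_KEY):
    """Offline validation: returns the user id, or None if the token is bad or expired."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:  # malformed token (binascii.Error is a ValueError)
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    claims = json.loads(payload)
    if now >= claims["exp"]:
        return None
    return claims["uid"]

class PublishInstance:
    def __init__(self, name, users):
        self.name = name
        self.users = set(users)  # stands in for this instance's own repository

    def handle_request(self, token, now):
        uid = validate_token(token, now)   # step 1: cryptographic check, offline
        if uid is None:
            return "401 invalid token"
        if uid not in self.users:           # step 2: the user must exist here too
            return "403 user missing on " + self.name
        return "200 ok " + uid

def demo():
    """bob exists only on publish1: the same valid token yields different outcomes."""
    publish1 = PublishInstance("publish1", ["alice", "bob"])
    publish2 = PublishInstance("publish2", ["alice"])
    token = create_token("bob", issued_at=1000, ttl=3600)
    return (publish1.handle_request(token, 1500), publish2.handle_request(token, 1500))
```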
