Creating a Closed User Group
Closed User Groups (CUGs) are used to limit access to specific pages that reside within a published internet site. Such pages require the assigned members to login and provide security credentials.
To configure such a area within your website you:
- apply this group to the required pages and select (or create) the login page for use by the members of the CUG; also specified when applying a CUG to a content page.
- create a link, of some form, to at least one page within the protected area , otherwise it will not be visible.
- configure the Dispatcher if in use.
Closed user groups (CUGs) should always be created with performance in mind.
Although the number of users and groups in a CUG is not limited, a high number of CUGs on a page may slow down rendering performance.
The impact of CUGs should always be considered when doing performance testing.
Creating The User Group To Be Used
To create a closed user group:
- Go to Tools - Security from the AEM homescreen.See Managing Users and Groups for full information on creating and configuring users and groups.
- Select the Groups card from the next screen.
- Press the Create button in the top right corner, in order to create a new group.
- Name your new group; for example, cug_access .
- Go to the Members tab and assign the required users to this group.
- Activate any users that you have assigned to your CUG; in this case, all members of cug_access .
- Activate the closed user group so that it is available in the publish environment; in this example, cug_access .
Applying Your Closed User Group To Content Pages
To apply the CUG to a page:
- Navigate to the root page of the restricted section you want to assign to your CUG.
- Select the page by clicking on its thumbnail and then clicking Properties in the top panel.
- In the following window, go to the Advanced tab.
- Scroll down and enable the tickbox in the Authentication Requirement section.
- Add your configuration path below, then press Save.
- Next, go to the Permissions tab and press the Edit Closed User Group button.
- Look for and add your CUG in the following window - in this case add the group named cug_access . Finally, press Save .
- Click Enabled to define that this page (and any child pages) belong to a CUG.
- Specify the Login Page that members of the group will use; for example:/content/geometrixx/en/toolbar/login.htmlThis is optional, if left blank the standard login page will be used.
- Add the Admitted Groups . Use + to add groups or - to remove. Only members of these groups will be allowed to log in and access the pages.
- Assign a Realm (a name for the groups of pages) if required. Leave empty to use the page title.
- Click OK to save the specification.
See Identity Management for information about profiles in the publish environment and providing forms for logging in and out.
Configure Dispatcher for CUGs
If you are using Dispatcher, you need to define a Dispatcher farm with the following properties:
- virtualhosts : Matches the path to the pages that the CUG applies to.
- \sessionmanagement: see below.
- cache : A cache directory that is dedicated to the files that the CUG applies to.
Configuring Dispatcher Session Management for CUGs
Configure session management in the dispatcher.any file for the CUG. The authentication handler that is used when access is requested for CUG pages determines how you configure session management.
/sessionmanagement ... /header "Cookie:login-token" ...
When a Dispatcher farm has session-management enabled, all pages that the farm handles are not cached. To cache pages that are outside of CUG, create a second farm in dispatcher.any that handles the non-CUG pages.