Monday, March 27, 2017

User Creation using AccountManagementService API in AEM 6.2 - Part1


When it comes to the right access to right person, creating users is the first thing which hit our mind.
Let us see how to create users in AEM6.2.
Initially users were getting created using AccountManager API and but now this is deprecated in AEM6.2
After doing POC I came to know that “AccountManagement Service API” is extended with lot of new features.
Activation of AccountManagementService in Felix Console  
Before using any OSGi Service, ideally it should be in "active" state but AccountManagement Service was in "unsatisfied" state when i checked it.
config.PNG
Fig- Account Management Service in Unsatisfied State

Follow the below Steps to make this Service in active State:
mail.PNG
Fig- Configure Day CQ Mail Service
  • The email id which is configured in "Day CQ Mail Service", should turn on the "less secure apps" of google account.
  • To turn it on Click here.
turn on.PNG
Fig- Turn On Less Secure Apps of gmail account
  • Now AccountManagemntService is in "satisfied" and "active" state.
satisfy.PNG
Fig- Account Management Service is in Satisified state




Explanation of AccountManagementService  API

AccountManagementService API provide the below method to create AEM User.
method.PNG
Fig- requestAccount() method of AccountManagementService API

Below are the parameters of requestAccount() method in detail:
  • UserId: UserId  is a name through which, the account will be created in AEM.
  • Pwd: This is the password of the user account.
  • Map<String,RequestParameter[]> properties : In this map, user's profile related all additional values can get stored. In this map “email” property must exist, because email is used for sending the mail to user to confirm or validate a newly created account
user profile.PNG
Fig- Storing properties 
  • requestUrl: API will get the host and port using this parameter which will help to create confirmation page URL. This URL will be sent to user via mail for verifying the account. Example: http://localhost:4502

Note: I have given the example of localhost, but this will not work in other environment i.e QA/UAT. For these environments, domains will be dynamically fetched from “DAY CQ Link Externalizer” configuration from Felix console

    • configPath: It is a path of the node(e.g., “/content/properties”) type of nt:unstructured , where below three properties need to be added:
    a) memberOf
    b) intermediatePath
      c) confirmationPage
    configPath.PNG
    Fig- config path node with its properties
    Detailed explanation of above Properties:
    • memberOf : This property identifies that the user should be part of which group. If you don’t provide any value to memberOf property,the user become part of “everyone” group. Note: This is an optional field.
    • intermediatePath: By default , AEM users gets created under /home/users.Intermediate path is used to provide customized path for creation of users. Eg: sgaem. So here, all the users will be created under /home/users/sgaem. Note: This is an optional field.
    • confirmationPage: ConfirmationPage link will be sent to email id which is added by user in registeration details. Note: This field is mandatory.



    Functionality of requestAccount() method
    AccountCreation (1).jpg
    Fig- Flow of user creation using AccountManagementService API

    Follow the below Steps:
    • User fills the Account Creation form and submits it.
    signUp form.PNG

    • This Request received by the servlet  and the servlet calls the requestAccount() method of AccountManagementService API.

    • This method creates the user in AEM in disabled state and send a verification email to the user.
    userdisabled.PNG
    Fig- Highlighted property shows that the user is in disable state

    mail message.PNG
    Fig- User gets the Account Verification Email 

    • The confirmation link page will be having a component named "emailConfirmation". The emailConfirmation.html contains.

    • User will click on verification link to enable the account in AEM.
    enable-User.PNG
    Fig- User become Enable After Verifying the link
    • Confirmation mail will be sent to user after verification.
    user-creation mail.PNG
    Fig- User gets email for Account Creation
    • Mission Accomplished: and created user can access the AEM instance with his own credentials
    But wait, below issue can screw all the happiness.


    Issue in using AccountManagementService API
    Issue :  Initially I used configPath as “/etc/properties” but accountManagementService.requestAccount() will throw nullPointerException.
    Solution: While checking the code,I came to know that AccountManagementService  API internally using below method to get the Session object.
    private Session getServiceSession()
      throws RepositoryException
     {
       return this.repository.loginService("account-management-service",null);
     }
    "account-management-service “ is a subService defined in User Mapper Configuration.
    user-mapper.PNG
    Fig- Service User Mapper Service Configuration
    account manager.PNG
    Fig- Check the Permission of Service user
    "account manager" is a user correspond to "account-management-service" in "Apache Sling Service User Mapper Service Amendment" configuration, but account manager has only permissions for " /content".
    Note: The configPath should be under "/content" or you can give any hierarchy but “account-manager” user must have the permission of that particular configPath.

    Kindly share your feedback and contact us at sgaem.blog02@gmail.com for any query.

    Thanks and Happy Learning 😊



    9 comments:

    1. Replies
      1. Though, I think it would make more sense to provide the properties under 'configPath' path as an editable field in cq:dialog of the component(eg, 'signIn' component). Apart from that, the concept is well explained.

        Delete
      2. @Nikhil, Good Idea.Actually we need a resource for this.So yes if i would have created a component and dropped it on a page,I can add that resource in the API.But I think there is nothing much,which will get changed regularly.But yes Nice Idea.

        Delete
    2. Nice explanation.. One small query : where is this email template picked from?

      ReplyDelete
      Replies
      1. @Vivek, We will be explaining it in Part-3. Soon we are going to publish this as well.

        Delete
    3. Hi Shivani,

      I am able to get the verification mail but when I click on the verification url I do not get the final confirmation mail.

      Any idea why?

      Thanks
      Yuvraj

      ReplyDelete
      Replies
      1. Hello Yuvraj, Have you added the component emailConfirmation in your page on which you got redirected when clicking on email link.Make sure this and you can get the git repo for the same from https://github.com/sgaem/accountManegementService.

        Delete
    4. Very good article.. appreciate your effort!

      ReplyDelete
    5. always..the best AEM tutorial (code+presentation+explanation)

      ReplyDelete