EP Commerce for Adobe Marketing Cloud uses AEM's implementation of Apache Jackrabbit and Apache Sling to provide authentication services. Cortex is the identity provider.
- EP is the customer master and identity provider.
- Customers need to be created in EP before they can login into AEM.
- A user profile is created in AEM when a user logs into the system. Existing AEM users will have their profile updated.
- AEM user profile is not created for anonymous access.
- For implementations without AEM server replication, sticky session is required to maintain server affinity. This is so that user information can be retrieved from the correct node.
- Inactive users can be deleted from AEM.
Cortex OAuth implementation has some limitations that affect this solution.
- Expiry times cannot be set separately for PUBLIC and REGISTERED tokens.
- When a REGISTERED token expires, there is no fallback to an IDENTIFIED state so that user can continue to see their cart contents without logging in.
- You cannot impersonate users within Cortex. Impersonated and real users will be created and treated the same way.
- Jackrabbit uses an implementation of the JAAS authentication framework. CortexIdentityProvider is considerd as a part of this framework. Priority can be configured so the default JCR authentication is considered before or after the CortexIdentityProvider.
- The CortexAuthenticationHandler reads the anonymous Cortex token from the cookie and passes it to the CortexIdentityProvider. This handler is only required for the cart merge functionality as well as initially storing the user information on the shopper's client.