"What exactly would you need to manage JCR-based controls? I would imagine that mapping users to JCR groups based on whatever data your identity solution provides and then creating access based on ACLs only would satisfy your request."
We need to manage a few things at the identity provider:

1. User attributes: username, name, email, phone, maybe a few other pieces of data about the user.
2. Group membership

When the user signs in, with SAML2 there is encrypted metadata which contains that information. Upon sign in, Sling users should be created, their user attributes updated and the user should be added or removed from Sling group membership. Once the user has signed in, then access is granted as usual using JCR-based ACLs applied for the groups.

Thanks

Cris Rockwell, App Sys Analyst/Programmer Sr
College of Literature, Science, and the Arts | University of Michigan
LSA Technology Services | 6503 Haven Hall | 505 S. State Street | Ann Arbor, MI I 48109
Desk: 734.763.6818 | Email: [email protected]

> On Dec 11, 2019, at 9:34 AM, Robert Munteanu <[email protected]> wrote:
>
> What exactly would you need to manage JCR-based controls? I would
> imagine that mapping users to JCR groups based on whatever data your
> identity solution provides and then creating access based on ACLs only
> would satisfy your request.
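
An added example, not part of the original messages and not Sling's own code: one way to carry out the sign-in sync described in the reply above with the Jackrabbit user-management API. The class name, the `idp-` prefix marking groups owned by the identity provider, and the `profile/` property path are assumptions; the attributes are assumed to come from a SAML2 assertion whose signature and validity have already been checked.

```java
import java.util.*;
import javax.jcr.*;
import org.apache.jackrabbit.api.security.user.*;

/** Hypothetical helper: sync one signed-in user from verified SAML2 attributes. */
public class SamlUserSync {
    // Assumption: only groups with this prefix are owned by the identity provider.
    // Locally managed groups (for example administrators) are never touched, so an
    // asserted group name cannot grant or strip a local role.
    static final String MANAGED_PREFIX = "idp-";

    /** profile keys must be a fixed, server-side mapping, not raw attribute names. */
    public static User sync(UserManager um, ValueFactory vf, String userId,
                            Map<String, String> profile, Set<String> assertedGroups)
            throws RepositoryException {
        Authorizable existing = um.getAuthorizable(userId);
        if (existing != null && existing.isGroup()) {
            throw new RepositoryException("ID collides with a group: " + userId);
        }
        // Jackrabbit Oak accepts a null password: no password login for this account.
        User user = existing != null ? (User) existing : um.createUser(userId, null);

        // Overwrite the profile with what the identity provider sent on this sign-in.
        for (Map.Entry<String, String> e : profile.entrySet()) {
            user.setProperty("profile/" + e.getKey(), vf.createValue(e.getValue()));
        }

        // Remove managed memberships that the assertion no longer contains.
        Set<String> kept = new HashSet<>();
        for (Iterator<Group> it = user.declaredMemberOf(); it.hasNext();) {
            Group g = it.next();
            String id = g.getID();
            if (!id.startsWith(MANAGED_PREFIX)) continue; // locally managed group
            if (assertedGroups.contains(id)) kept.add(id); else g.removeMember(user);
        }

        // Add managed memberships that are asserted but missing.
        for (String id : assertedGroups) {
            if (!id.startsWith(MANAGED_PREFIX) || kept.contains(id)) continue;
            Authorizable a = um.getAuthorizable(id);
            if (a != null && !a.isGroup()) continue; // ID already taken by a user
            Group g = a != null ? (Group) a : um.createGroup(id);
            g.addMember(user);
        }
        return user; // the caller persists the changes with session.save()
    }
}
```

The JCR ACLs themselves stay on the groups, so this code never edits access control entries; it only changes who is in each group.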
