User synchronization in AEM

Sanjay Kushawaha
Published in TECHnotes4u
Oct 10, 2021

When an AEM deployment uses multiple publishers or a publish farm, and the deployed websites offer features such as user registration, the users' data must be synchronized across all publishers. The same applies when you create a user through https://<host:port>/security/users.html or https://<host:port>/useradmin and want that account replicated to the other publishers in the publish farm.

Synchronization is needed because a registration request may land on any one publish instance in the farm, while the same user's next login session may be routed to a different publisher. If the registration data is not synchronized to all publish instances, the user appears as a new user on the other instances and has to register again, which is a bad user experience.

The diagram below depicts how user data is synchronized across the publish farm via the author instance.

How to configure user synchronization

Since AEM 6.1, user synchronization configurations are available out of the box (OOTB), but they are disabled by default. To enable user sync, edit the existing OSGi configurations, which come pre-configured with sample data. No new configurations should be added for enabling user sync. The feature is based on Sling Distribution, which provides benefits such as:

  • Users, user profiles and user groups created on publish are not created on author.
  • Sling Distribution only sends user data to non-originating publish instances via the author instance. The author instance pulls the user's data from the source publish instance and distributes it to the other publish instances in the publish farm.
  • ACLs set in the user node are included in the synchronization.

For configuration details, please refer to the link in the reference section below, where you will always find the latest details and changes.

Additional Troubleshooting Step

While following the steps in the reference link, either replicate the /etc/keys/ node from Author to the Publishers, or perform the steps below before encrypting the password, to sync the hmac and master files from the Author instance to all the Publish instances.

  • Find the bundle id of com.adobe.granite.crypto.file in Author instance via system/console/bundles.
  • Navigate to /crx-quickstart/launchpad/felix/bundle<Id>/data in the Author file system.
  • Copy the files hmac and master from the Author instance to the Publish instances.
  • Restart the com.adobe.granite.crypto.file bundle or the complete Publish instances.
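
The copy step above as a script, added here as an example (it is not from the original post or from Adobe). It assumes both crx-quickstart directories are reachable from one shell, and it finds the crypto bundle's data directory by looking for the hmac and master files instead of looking up the bundle id; the function names and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: sync the Granite crypto key files (hmac, master) from an
# author Felix bundle cache to a publish one, then verify the result.

# Print the bundle data dir under crx-quickstart dir $1 that holds both key
# files. Fails when none or more than one candidate exists (ambiguous).
find_crypto_dir() {
    found=""
    count=0
    for d in "$1"/launchpad/felix/bundle*/data; do
        if [ -f "$d/hmac" ] && [ -f "$d/master" ]; then
            found=$d
            count=$((count + 1))
        fi
    done
    [ "$count" -eq 1 ] || return 1
    printf '%s\n' "$found"
}

# Return 0 only if both key files are byte-identical in dirs $1 and $2.
# cmp is used so that no key material or digest is printed.
keys_match() {
    cmp -s "$1/hmac" "$2/hmac" && cmp -s "$1/master" "$2/master"
}

# Copy the keys from author ($1) to publish ($2); both are crx-quickstart dirs.
sync_crypto_keys() {
    src=$(find_crypto_dir "$1") || { echo "no key files under $1" >&2; return 1; }
    dst=$(find_crypto_dir "$2") || { echo "no key files under $2" >&2; return 1; }
    if keys_match "$src" "$dst"; then
        echo "already in sync: $dst"
        return 0
    fi
    for f in hmac master; do
        cp "$dst/$f" "$dst/$f.bak" || return 1   # keep the old publish key for rollback
        cp "$src/$f" "$dst/$f" || return 1
        chmod 600 "$dst/$f" "$dst/$f.bak"        # key files: owner read/write only
    done
    keys_match "$src" "$dst"                     # exit status reports the verification
}

# Usage (hypothetical paths):
# sync_crypto_keys /opt/aem/author/crx-quickstart /opt/aem/publish/crx-quickstart
```

The restart in the last step is still required afterwards, and the bundle id on a publish instance may differ from the one on author, which is why the script searches for the files on each side.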
