We have integrated an SPA site with Bloomreach. The SPA site is using OKTA for user authentication and allows access to pages only if the user is logged in.
In CM, when a CMS user tries to edit the content of those pages, the request is redirected to the login page by the React application. The CMS user is unable to edit the pages since it doesn’t have a user login. How can we enable editing of such secure pages in Channel Manager?
Any advice will be appreciated.
In a non-SPA implementation, what we normally do is skip the SSO authentication altogether when the request is a preview (e.g. /site/_cmsinternal/…). Something similar should be implemented in your SPA application. It should be able to detect preview mode, so basically when the request is happening from within the CMS, and skip the authentication.
Note the approach would also depend on the way you are using the SPA (e.g. SPA script in a FreeMarker template, proxy).
@Lef_Karamoulas Thanks for the quick reply. We’re using the URL rewriter for CM-SPA communication. What should be the approach here?
On a side note, if we want to restrict the content based on the SPA user, how would that work in BR? Do we send the user group name as part of the page model API when the user requests the secured page?
I can imagine you are proxying the internal calls to your React app with the URL rewriter. So you would have to check for something on the request, like referer or host, that is not possible to replicate, for security reasons of course. I don’t have a solution for you, unfortunately.
If I understand correctly, you would like to secure specific pages of the page model API and authenticate the users against them. This is possible, but you would be required to have such users/groups in your repository. Another approach would be that once you authenticate your users on the SPA side, the call you make to the page model would authenticate using a common system account that is available in the repository.