Jackrabbit Oak provides interfaces and some base classes to ease custom implementation of external authentication with optional user/group synchronization to the repository.
The oak-auth-external module comes with a default implementation of the ExternalIdentityProviderManager and an OSGi component that tracks all external IDPs that are registered via OSGi. While an OSGi setup is the recommended way, it can equally be used in non-OSGi environments by manually adding and removing the providers.
There is no default implementation for the other interfaces related to external identity management. However, Oak 1.0 provides support for third-party authentication and identity management against LDAP in a separate module, oak-auth-ldap. This is covered by section LDAP Integration.
In order to plug in a custom implementation of the external identity management, the following steps are required:
See CustomExternalIdentityProvider in the oak-exercise module for a very simplistic implementation for an OSGi-based Oak setup.
Since oak-auth-external provides a default ExternalIdentityProviderManager, a custom identity management doesn’t need to provide a separate implementation of this interface.
If you wish to provide your own ExternalIdentityProviderManager in an OSGi environment, please make sure it gets properly referenced by the ExternalLoginModuleFactory.