SSO and securing a form

Question

Hello,

I have set up SAML authentication on our server. I would like to protect only a folder of AEM Adaptive Forms. I suspect I can use the Path in the Authentication handler and use the Mixins as describe in the documentation for we-retail. This is the first thing that requires feedback.

Secondarily, I need to allow users to View and Submit the form, but not Edit the form. I suspect that I will have AEM automatically provision the user and put them in a group that only has form-users role? Would this protect the form from being edited?

Of course, if I'm going down the wrong path, any additional advice would be great.

Thanks,

Charles

EstebanBustamante · Accepted Answer

Hey @crich2784

Let me give you a couple of insights:

1. Yes, you can protect with SAML-specific "paths" of the content tree, meaning that if you hit specific "paths" the Authentication will occur, this is achievable through the Adobe Granite SAML 2.0 Authentication Handler configuration as you mentioned

2.To protect your forms from being edited, there are a couple of approaches. If you plan to enable SOO on the Publish server, you don't need to worry about it, as the authoring UI is not available there. However, if you plan to enable SOO on the Author server, this should be managed through regular AEM ACLs. In the same Adobe Granite SAML 2.0 Authentication Handler configuration, you can define groups to which users who successfully log in to AEM should be added. This can help ensure that users who are part of that group are not given editable permissions for your forms.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded