Azure Entra ID as OAuth Handler for server-to-server access for third party application to AEM servlet

Question

Hello All,

We have a requirement where we want to expose AEM servlet urls to third party application using Azure Ad Oauth authentication.

We are using AEM 6.5 with 6.5.21 service pack (AEM standalone on azure VM and not AEM as cloud)

We can author environment only and all servlets are secured authentication by default (Basic Auth). Instead od basic authentication, we want to use Azure Entra Oauth where third party application will get access token from Azure and pass as Bearer {access_token} in Authorization Header to AEM servlet.

We want it to be server to server authentication, i.e. 2-legged authentication using client_credentials grant type.

Third party will call azure, get access token, and pass it to AEM servlet. It should authenticate and servlet should be triggered.

Is it possible from AEM side? As AEM supports only 3-legged authentication not 2-legged I am not able get any firm documentation for it or any working code. If it is possible, can you please send any documentation for it or working scenarios for it and what changes/configurations need to be made from AEM side.

If needed we can get on all for more details.

Note : There is only author environment, no publisher. So, servlets are behind authentication only (by default)

Vinay-Lakshman · Accepted Answer

Hi @monish_gavali_23,

Checking this thread [1], it looks like AEM does not support the client_credentials flow, i.e., 2-legged authentication but the thread seems to be quite old so I am not sure if there have been any updates since.

[1] - https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-6-4-oauth-2-legged-authorization/m-p/327454/highlight/true#M33492

Hope this helps,

Vinay

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded