How does a Non-interactive Service account login to an SSO enabled AEM instance | Community
New Participant
January 23, 2025
Solved

Hello,
We have AEM 6.5 running on an AWS EC2. The instance is SSO Authentication enabled with the inbuilt SAML Authentication handler configuration, with Azure AD as the IDP. Now, how can I make a Non-Interactive Service account (MS) able to log in to the AEM Author instance for accessing an API?

1 reply

Shashi_Mulugu
New Participant
January 23, 2025

@prasanthanandharaj It depends on your security policy level, but the simple option is that you can create a local user with a password in your AEM instance and use a basic authentication header while making the API request to AEM for authentication and authorization.

New Participant
January 23, 2025

Hi, noted, and thanks for the suggestion. We are trying to avoid having local profiles to align with org standards. Any suggestions in that case?

Shashi_Mulugu
Accepted solution
New Participant
January 23, 2025

Hi @prasanthanandharaj, in that case you have to create a non-interactive-user profile in your AD and sync it to AEM.

From your application, hit the IdP authentication endpoint with the non-interactive user creds, get authenticated, and use the same token to hit AEM.

Or otherwise, please explore service credentials in AEM. It can be made via JWT tokens.

https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/forms/forms-cs-assembler/service-credentials

Or otherwise, use OAuth authentication.

https://aemcorner.com/adobe-granite-oauth-authentication-handler/