Moving secrets from Ldap Identity provider XML to Hashicorp vault (secrets management system)

Question

We are using LdapIdentityProvider.xml to connect to our organization's Ldap interface for the login functionality in AEM.

As a security measure, We want to move the password information to 'vault secrets management system'. We have a custom service , which we use to read vault secrets.

Could anyone please help with a way to extend AEM Ldap service (not sure of the exact name of service) , so that we can add our custom code to read Ldap secret from vault ?

Kiran_Vedantam · Accepted Answer

Hi @sarthakuiit  To achieve thisCreate a Vault ConfigurationUpdate LDAP Identity Provider ConfigurationModify the LdapIdentityProvider.xml configuration to use placeholders for the LDAP credentials, which will be replaced at runtime. Create a Custom OSGi ServiceReference Custom Service in LDAP Identity ProviderModify the LDAP Identity Provider code to reference your custom service for retrieving the LDAP password.Update Component and Service References:Hope this helps! Thanks,Kiran Vedantam.

kautuk_sahni · Answer

@aanchal-sikka @jorganer @lokesh_vajrala @ksh_ingole7 @kiran_vedantam @uppari_ramesh Can you please review this unanswered question? Appreciate your thoughts on this.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded