User creation - SAML response stored in crx
srikanthp689160
Level 4
September 24, 2019
Solved

Hi,

We are trying to leverage the SAML Authentication Handler for SSO in our application. In the Adobe Granite SAML 2.0 Authentication Handler configuration, Autocreate CRX Users is checked. After successful authentication, the user gets created in crx; along with that, we can find a property samlResponse at the user node which contains the encrypted SAML response.

Is there any way we can avoid storing the SAML response in crx, as we are not authorized to store user personal information like email, phone etc.?


Adobe Employee
September 24, 2019

You can use the "Synchronized Attributes" in the SAML handler to configure the attributes that should be synced/stored with AEM.

srikanthp689160
Level 4
September 24, 2019

Hi JaideepBrar,

The Synchronized Attributes field is left blank; after successful login the user gets created in crx, but I can still see the property samlResponse.

user05162
Adobe Employee
Accepted solution
September 24, 2019

I believe this is working as designed. In case you would like to make it more secure, you can turn on the encryption and have the encrypted response saved in AEM so that it can only be decoded using the private key.

srikanthp689160
Level 4
September 25, 2019

Thanks Jaideep.

srikanthp689160
Level 4
September 25, 2019

Hi Jaideep,

Any references on a custom AuthenticationInfoPostProcessor where I can get the SAML response from the request and read it to get details in AEM 6.4, instead of decrypting the samlResponse property from the user node after successful login?

I referred to this blog, http://apoorva-ganapathy.blogspot.com/2016/08/aem-processing-saml-response-using.html, but both httpRequest.getPathInfo() and httpRequest.getParameter("saml_login") are null in the custom AuthenticationInfoPostProcessor.

Thanks & Regards,

Srikanth Pogula.

https://forums.adobe.com/thread/2652904
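
Added example (not part of the original thread, and not Adobe's code): a Python check that could be run over an exported samlResponse value to see which personal data is readable without the private key, the concern raised in the question and the accepted answer. It assumes the value is the base64-encoded SAML response XML; the function name `audit_saml_response` and both sample responses are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())

def audit_saml_response(b64_value):
    """Report which personal data in a SAML response is readable without a key."""
    raw = base64.b64decode(b64_value)
    if b"<!DOCTYPE" in raw:  # SAML messages never need a DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in SAML response")
    root = ET.fromstring(raw)
    report = {"encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
              "name_ids": [], "attributes": {}}
    for assertion in root.findall("saml:Assertion", NS):
        report["name_ids"] += [n.text for n in assertion.findall("saml:Subject/saml:NameID", NS)]
        for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
            report["attributes"][attr.get("Name")] = [
                v.text for v in attr.findall("saml:AttributeValue", NS)]
    report["pii_readable"] = bool(report["name_ids"] or report["attributes"])
    return report

def _b64(xml):
    return base64.b64encode(xml.encode()).decode()

# Constructed sample: assertion in the clear, so NameID and attributes are readable.
PLAIN = _b64(f"""<samlp:Response {XMLNS}><saml:Assertion>
<saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
<saml:AttributeStatement>
<saml:Attribute Name="mail"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="phone"><saml:AttributeValue>+1-555-0100</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></samlp:Response>""")

# Constructed sample: IdP encrypted the assertion; CipherValue is a dummy string.
ENCRYPTED = _b64(f"""<samlp:Response {XMLNS}><saml:EncryptedAssertion>
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:CipherData>
<xenc:CipherValue>Y29uc3RydWN0ZWQ=</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData></saml:EncryptedAssertion></samlp:Response>""")

if __name__ == "__main__":
    for label, value in (("plain", PLAIN), ("encrypted", ENCRYPTED)):
        print(label, audit_saml_response(value))
```

A report with `pii_readable` true means the stored value exposes the listed NameID and attributes to anyone who can read the user node; a non-zero `encrypted_assertions` with no readable fields means the content is only recoverable with the private key.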