The user gets authenticated by Azure but can't land on any AEM screen, as the SAML response doesn't contain group information to redirect the user to the authorized page. The Azure team says we need to call a Microsoft Graph REST API to get the group information in such cases, using that group.link.
We need to handle both scenarios:
1. User belongs to 150 groups or fewer
2. User belongs to more than 150 groups
Can anyone suggest how we can achieve this? Do we need to write a custom SAML authentication handler? How do we call the Graph APIs?
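As an added illustration of the two scenarios in the question (not code from the original post or from AEM), the following Python sketches the group-resolution logic a custom handler would need: it reads the group ids from the assertion when they are inline, and falls back to Microsoft Graph's getMemberGroups call when only the groups.link overage claim is present. The assertion samples, claim values and the fake_graph_post stub are constructed; a real deployment would replace the stub with an authenticated HTTP client and keep the signature check in front of this step.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
OID_CLAIM = "http://schemas.microsoft.com/identity/claims/objectidentifier"
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
OVERAGE_CLAIM = "http://schemas.microsoft.com/claims/groups.link"

# Constructed sample assertions; the SAML handler is assumed to have verified the signature.
# Case 1: 150 groups or fewer, so the group ids arrive inline in the "groups" claim.
SAMPLE_INLINE = f"""<saml:Assertion xmlns:saml="{NS['saml']}"><saml:AttributeStatement>
<saml:Attribute Name="{OID_CLAIM}"><saml:AttributeValue>11111111-aaaa-bbbb-cccc-000000000001</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="{GROUPS_CLAIM}"><saml:AttributeValue>grp-aem-authors</saml:AttributeValue>
<saml:AttributeValue>grp-aem-readers</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion>"""
# Case 2: more than 150 groups, so Azure AD emits only the "groups.link" overage claim.
SAMPLE_OVERAGE = f"""<saml:Assertion xmlns:saml="{NS['saml']}"><saml:AttributeStatement>
<saml:Attribute Name="{OID_CLAIM}"><saml:AttributeValue>11111111-aaaa-bbbb-cccc-000000000002</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="{OVERAGE_CLAIM}"><saml:AttributeValue>https://graph.example/constructed-overage-link</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion>"""

def extract_attributes(assertion_xml: str) -> dict[str, list[str]]:
    """Map each SAML attribute Name to its list of values."""
    root = ET.fromstring(assertion_xml)
    attrs: dict[str, list[str]] = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        attrs[attr.get("Name", "")] = [
            v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
    return attrs

def fake_graph_post(url: str, body: dict, token: str) -> dict:
    """Stand-in for an authenticated POST to Microsoft Graph (returns constructed data)."""
    assert url.endswith("/getMemberGroups") and token
    return {"value": ["grp-aem-authors"] + [f"grp-other-{i}" for i in range(151)]}

def resolve_groups(assertion_xml: str, graph_post, token: str) -> list[str]:
    """Return the user's group ids, calling Graph only when the overage claim is present."""
    attrs = extract_attributes(assertion_xml)
    if GROUPS_CLAIM in attrs:                       # case 1: ids came in the assertion
        return attrs[GROUPS_CLAIM]
    if OVERAGE_CLAIM not in attrs or OID_CLAIM not in attrs:
        return []                                   # no group info at all: grant nothing
    # Case 2: query Microsoft Graph getMemberGroups for the objectidentifier user
    # (the link URL inside the claim is not followed).
    url = f"https://graph.microsoft.com/v1.0/users/{attrs[OID_CLAIM][0]}/getMemberGroups"
    return graph_post(url, {"securityEnabledOnly": False}, token)["value"]

def is_authorized(assertion_xml: str, graph_post, token: str,
                  required: str = "grp-aem-authors") -> bool:
    return required in resolve_groups(assertion_xml, graph_post, token)
```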
It sounds as if you've worked with Azure AD support, so I may be mistaken in this suggestion, but if not, it might be a quick fix.
I believe that Azure AD has a configuration in either the application or the claim that allows you to specify which groups would be included in the group claim. Presuming you have fewer than 150 AEM-relevant groups, if that configuration exists, you should be able to have Azure AD in effect filter the group claim to only the specific groups that are relevant.
I may be thinking of Okta or ADFS, and if so, my apologies. But if correct, this will be far easier than a custom SAML handler.