AEM as a Cloud Service – Authentication made simple | AEM Community Blog Seeding

Administrator

5/25/23

AEM as a Cloud Service – Authentication made simple by Disha Satish

Abstract

Authentication in AEM as a Cloud Service is a critical aspect of securing the platform. It also ensures that only authorized users have access to sensitive data and functionality. In this blog post, we will explore the different authentication options available in AEM as a Cloud Service for the author environment, how authentication in AEM as a Cloud Service works, how it differs from on-premise, and its limitations and best practices for implementing them. Authentication for end users in custom web applications is not discussed in this blog.

Types of Authentications:
AEM as a Cloud Service supports several authentication methods, including:

Adobe IMS Authentication:
Adobe Identity Management System (IMS) is the default authentication mechanism provided by AEM as a Cloud Service. It allows users to log in using their Adobe ID credentials, which provides a secure and streamlined authentication experience. Adobe IMS Authentication is the recommended authentication method for AEM as a Cloud Service, as it is the most straightforward and secure option for most users.

Federated Authentication:
Federated authentication is a method that allows users to log in using their existing credentials from another trusted identity provider. This approach simplifies the login process for users and allows organizations to manage authentication centrally. AEM as a Cloud Service supports several federated authentication methods, including SAML and OpenID Connect.

Read Full Blog

AEM as a Cloud Service – Authentication made simple

Q&A

Please use this thread to ask the related questions.

3 Comments

Level 2

7/30/24

I wish there were a dislike button. I would request @kautuk_sahni to please avoid spreading misinformation like this, or rather kindly check the information before sharing it.

 

The link you shared states that

"AEM as a Cloud Service also supports federated authentication methods, such as SAML and OpenID Connect. These methods allow users to authenticate themselves using their existing credentials from another trusted identity provider."

 

This statement is absolutely false. We are in the planning stages of migrating our code from AEM on-prem to AEMaaCS, and as of now we use Cognito as our IDP, which only does OpenID Connect (OIDC); we managed this with a Custom Authentication Handler.

Now with AEMaaCS this does not seem possible; we have confirmed this with Adobe Enterprise Support. This is my case number:

https://adminconsole.adobe.com/A2A22CED5EA397EF0A495EE1@AdobeOrg/support/support-cases/E-001308502

 

This is the response that we received from AEM Support 

"Adobe IMS currently supports federated authentication but only through SAML 2.0. The primary documentation for AEM as a Cloud Service (AEMaaCS) specifies that Adobe IMS supports authentication for AEM authors, admins, and developers using SAML 2.0 compliant Identity Providers (IDPs). There is no mention of support for OpenID Connect (OIDC) in the official documentation."

 

Official Docs: 

https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/security/ims-sup...

Administrator

7/30/24

@OliverSapient Thank you for your feedback. If you notice, this post was from 2023, and the content may not be accurate or aligned with current best practices (which could have been best practice then). This is valuable feedback for us as we work on our archiving plan to address outdated threads. We appreciate your insights and will take them into account.