SOLVED

SSO and securing a form


Hello,

 

I have set up SAML authentication on our server. I would like to protect only a folder of AEM Adaptive Forms. I suspect I can use the Path in the Authentication handler and use the Mixins as described in the documentation for we-retail. This is the first thing that requires feedback.

 

Secondarily, I need to allow users to View and Submit the form, but not Edit the form. I suspect that I will have AEM automatically provision the user and put them in a group that only has the form-users role? Would this protect the form from being edited?

 

Of course, if I'm going down the wrong path, any additional advice would be great.

 

Thanks,

Charles

1 Accepted Solution


Correct answer by
Community Advisor

Hey @crich2784 

 

Let me give you a couple of insights:

1. Yes, you can protect specific "paths" of the content tree with SAML, meaning that if you hit those specific "paths" the authentication will occur. This is achievable through the Adobe Granite SAML 2.0 Authentication Handler configuration, as you mentioned.


2. To protect your forms from being edited, there are a couple of approaches. If you plan to enable SSO on the Publish server, you don't need to worry about it, as the authoring UI is not available there. However, if you plan to enable SSO on the Author server, this should be managed through regular AEM ACLs. In the same Adobe Granite SAML 2.0 Authentication Handler configuration, you can define groups to which users who successfully log in to AEM should be added. This can help ensure that users who are part of that group are not given editable permissions for your forms.


Esteban Bustamante
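
The two handler settings discussed in the answer above, written out as an OSGi factory configuration. This is an added example, not part of the original post or Adobe's own code: the file name suffix, forms folder, IdP URL, certificate alias, entity ID, attribute name and group name are all assumed placeholders.

```json
// com.adobe.granite.auth.saml.SamlAuthenticationHandler~secure-forms.cfg.json
// Constructed example: every value below is a placeholder, not taken from the thread.
{
  // Only requests under this subtree are handled by SAML;
  // forms outside this folder are not covered by the handler.
  "path": ["/content/forms/af/secure"],

  // IdP details (placeholders).
  "idpUrl": "https://idp.example.com/saml2/sso",
  "idpCertAlias": "IDP_CERT_ALIAS_PLACEHOLDER",
  "serviceProviderEntityId": "aem-secure-forms-example",

  // Assertion attribute used as the AEM user ID (assumed name).
  "userIDAttribute": "uid",

  // Auto-provision a repository user on first successful login.
  "createUser": true,

  // Groups every SAML-authenticated user is added to after login.
  // Use a dedicated group (hypothetical name) so its ACLs can be
  // reviewed in isolation.
  "addGroupMemberships": true,
  "defaultGroups": ["secure-forms-submitters"]
}
```

The group named in `defaultGroups` only restricts editing if its ACL entries on the forms folder grant read access and no write or modify privileges, so check the effective permissions of a freshly provisioned test user after the first SSO login.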
