SOLVED

AEM 6.1 com.adobe.granite.auth.saml.SamlAuthenticationHandler extend question

Community Advisor

Before AEM 6.0, com.adobe.granite.auth.saml.SamlAuthenticationHandler was provided by the bundle Adobe Granite - SAML 2.0 Authentication Handler (com.adobe.granite.auth.saml)

Exported Packages

com.adobe.granite.auth.saml,version=0.1.18
com.adobe.granite.auth.saml.binding,version=0.1.18
com.adobe.granite.auth.saml.configuration,version=0.1.18
com.adobe.granite.auth.saml.model,version=0.1.18

Now, in AEM 6.1, this is no longer exported nor provided via the same package.

Exported Packages

com.adobe.granite.auth.saml.configuration,version=1.0.0
com.adobe.granite.auth.saml.model,version=0.3.0
com.adobe.granite.auth.saml.model.xml,version=0.3.0
com.adobe.granite.auth.saml.util,version=1.0.0
com.adobe.granite.auth.saml.util.io,version=0.2.4

This is clearly marked in both obfuscated uber jar and system/console.

How/what should be extended to provide additional logic during /saml_login?

Thanks,

Peter

6 Replies

Level 10

I am looking for the reason within Adobe. Someone will post the reason. 

Community Advisor

Thank you, Sir!

Looking forward to the reason.

Thanks,

Peter

Level 10

In AEM 5.x it was standalone, and in AEM 6.x it is a factory, that is, you can configure multiple handlers. Can you please tell your business case for extending? There may be other ways to extend.

Community Advisor

Hi Sham,

Thank you for your reply,

Business case:

  1. User presence is checked with other systems (only if the user is present can authentication happen successfully).
  2. User data is being loaded in AEM from other systems (user data is saved in CRX).
  3. IdpConfiguration is being changed.
  4. Cookie manipulations are being performed (cookies are set and refreshed).
  5. User is redirected to the most appropriate URL during the login process.

Thanks,

Peter

Correct answer by
Level 10

1, 2: achievable with OOB, and not sure why a custom implementation is required there.

3: Could not understand.

4: You can do it using a filter.

5: Update the cookie saml_request_path value to whatever URL you need dynamically; you do not need to depend on samlauthenticationhandler.

Community Advisor

Hi Sham,

Ours is a multisite project, and upon user login we derive the user's home page based on his user registration details. We keep the user registration details in a DB. So after the user logs in, our program connects to the DB, fetches the user details, derives the user's home page and then redirects the user to the respective home page. Now, if we use the default SAMLAuthentication handler, it asks for the default redirect URL and redirects the user to that URL after login, which we don't want. That's why we have extended SAMLAuthenticationHandler and overridden the authenticationSucceeded method, by which we do not let the default SAMLAuthentication handler redirect. The default SAMLAuthentication handler does the job of parsing SAML, creating the CRX user and CRX session, etc., and our class, which extends the SAMLAuthentication handler, does the job of fetching the user profile details, deriving the home page and then doing the redirect. Hope it answers your question.

Yes, we can't set our home page URL in the Saml_request_path cookie, as this cookie is created if the user has bookmarked a URL and does not have an active session in the browser; the SAMLAuthentication handler then redirects the user to the IDP and creates a saml_request_path cookie with that bookmarked URL as the cookie value.

Thanks,

Peter
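
Whether the derived home page is written to the saml_request_path cookie (point 5 of the accepted answer) or used for a redirect in custom code (the last post), it comes from stored user data and should be checked to be a local path before use. The following is an added example, not code from the thread or from Adobe; the class and method names, the site roots and the fallback page are assumptions, as is the cookie carrying a plain path.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.List;
import javax.servlet.http.Cookie;

/** Added example: validates a derived home page before it becomes a post-login redirect target. */
public final class PostLoginRedirect {

    // Cookie name taken from the thread above.
    static final String COOKIE_NAME = "saml_request_path";
    // Constructed sample site roots for a multisite setup (assumption).
    static final List<String> ALLOWED_ROOTS = Arrays.asList("/content/site-a/", "/content/site-b/");
    // Constructed fallback used when the derived value is rejected (assumption).
    static final String FALLBACK = "/content/site-a/home.html";

    /** Returns the candidate if it is a local path under an allowed root, else the fallback. */
    static String safeTarget(String candidate) {
        if (candidate == null || candidate.isEmpty()) return FALLBACK;
        for (char c : candidate.toCharArray()) {
            // Control characters allow header splitting; browsers treat '\' like '/';
            // ';' and ',' are not safe inside a plain cookie value.
            if (c < 0x20 || c == 0x7f || c == '\\' || c == ';' || c == ',') return FALLBACK;
        }
        // Site-relative only: exactly one leading slash, never "//host" (protocol-relative).
        if (!candidate.startsWith("/") || candidate.startsWith("//")) return FALLBACK;
        final URI uri;
        try {
            uri = new URI(candidate).normalize(); // collapses "." and ".." segments
        } catch (URISyntaxException e) {
            return FALLBACK;
        }
        if (uri.getRawAuthority() != null) return FALLBACK;
        String path = uri.getPath(); // percent-decoded, so "%2e%2e" is seen as ".."
        if (path == null || path.contains("..")) return FALLBACK;
        for (String root : ALLOWED_ROOTS) {
            if (path.startsWith(root)) return uri.toString();
        }
        return FALLBACK;
    }

    /** Builds the cookie a filter would add to the response. */
    static Cookie redirectCookie(String derivedHomePage, boolean secureRequest) {
        Cookie cookie = new Cookie(COOKIE_NAME, safeTarget(derivedHomePage));
        cookie.setPath("/");
        cookie.setHttpOnly(true);        // not readable from page scripts
        cookie.setSecure(secureRequest); // pass request.isSecure() from the filter
        return cookie;
    }
}
```

A value such as `//example.org/` or `/content/site-a/%2e%2e/%2e%2e/x` falls back to the default page, while `/content/site-b/home.html` is passed through unchanged.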