AEM 6.1 com.adobe.granite.auth.saml.SamlAuthenticationHandler extend question | Community
Skip to main content
Peter_Puzanovs
Community Advisor
Peter_PuzanovsCommunity Advisor
Community Advisor
November 19, 2015
Solved

AEM 6.1 com.adobe.granite.auth.saml.SamlAuthenticationHandler extend question

  • November 19, 2015
  • 6 replies
  • 2157 views

In pre AEM 6.0 com.adobe.granite.auth.saml.SamlAuthenticationHandler was provided by the Adobe Granite - SAML 2.0 Authentication Handlercom.adobe.granite.auth.saml

Exported Packages

com.adobe.granite.auth.saml,version=0.1.18
com.adobe.granite.auth.saml.binding,version=0.1.18
com.adobe.granite.auth.saml.configuration,version=0.1.18
com.adobe.granite.auth.saml.model,version=0.1.18

Now, in AEM 6.1 this is no longer being exported nor provided via the same package

Exported Packages

com.adobe.granite.auth.saml.configuration,version=1.0.0
com.adobe.granite.auth.saml.model,version=0.3.0
com.adobe.granite.auth.saml.model.xml,version=0.3.0
com.adobe.granite.auth.saml.util,version=1.0.0
com.adobe.granite.auth.saml.util.io,version=0.2.4

This is clearly marked in both obfuscated uber jar and system/console.

How/what should be extended to provide additional logic during /saml_login ?

Thanks,

Peter

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Sham_HC

1,2 achievable with oob & not sure why custom implementation is required there. 

3:-   COuld not understand.

4:-  you can do it using filter.

5:-   update the cookie saml_request_path value to what ever url you need dynamically & do not need to depond on samlauthenticationhandler.

6 replies

smacdonald2008
smacdonald2008
November 19, 2015

I am looking for the reason within Adobe. Someone will post the reason. 

Peter_Puzanovs
Community Advisor
Peter_PuzanovsCommunity AdvisorAuthor
Community Advisor
November 19, 2015

Thank you Sir !

 

Looking forward for the reason.

Thanks,

Peter

Sham_HC
Sham_HC
November 19, 2015

In aem5x it was standalone and in aem6x it is factory that is you can configure multiple handler.    Can you please tell your business case for extend & there may be otherways to extend.

Peter_Puzanovs
Community Advisor
Peter_PuzanovsCommunity AdvisorAuthor
Community Advisor
November 19, 2015

Hi Sham,

Thank you for your reply,

Business case:

  1. User presense is checked with other systems(if user is present, only then authentication can happen successfully).
  2. User data is being loaded in AEM from other systems(user data is saved in CRX).
  3. IdpConfiguration is being changed
  4. Cookie manipulations are being performed.(cookies are set && refreshed)
  5. User is redirected to the most appropriate url during the login process.

Thanks,

Peter

Sham_HC
Sham_HCAccepted solution
November 19, 2015

1,2 achievable with oob & not sure why custom implementation is required there. 

3:-   COuld not understand.

4:-  you can do it using filter.

5:-   update the cookie saml_request_path value to what ever url you need dynamically & do not need to depond on samlauthenticationhandler.

Peter_Puzanovs
Community Advisor
Peter_PuzanovsCommunity AdvisorAuthor
Community Advisor
November 20, 2015

Hi Sham,

Ours is a multisite project and upon user login we derive the user home page based upon his user registration details. We keep the user registration details in DB. So after user log in our program connects to DB and fetch the user details and derive the user home page and then redirect the user to the respective home page. Now, if we will use default SAMLAuthentication handler then it asks for the default redirect URL and redirects the user to that url after login which we don't want. That's why we have extended SAMLAuthenticationHandler and overridden the authenticationSucceeded method by which we are not letting default SAMLAuthentication handler to redirect. Default SAMLAuthentication handler does the job of parsing SAML,creating CRX user and CRX session e.t.c and our class which is extended SAMLAuthentication handler is doing the job of fetching the user profile details and deriving the home page and then doing the redirect.  hope it answers your question.

Yes, we can't set our home page URL in Saml_request_path cookie as this cookie is getting created if user has bookmarked an URL and it doesn't have the active session in the browser then SAMLAuthentication handler redirects the user to IDP and creates a saml_request_path cookie by keeping that bookmarked url as the cookie value. 

Thanks,

Peter

Terms & ConditionsAccessibility statement

Loading footer...