Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!

AEM Custom Saml Authentication Handler

Avatar

Level 3
Level 3
7/1/24 12:20:00 AM

We are trying to extend OOTB AEM com.adobe.granite.auth.saml.SamlAuthenticationHandler, but since this bundle does not have any exported packages in AEM . We are not able to extend the functionality. 

public class CustomSamlAuthHandler extends SamlAuthenticationHandler {

        protected AuthnRequest createAuthnRequest() {
                AuthnRequest authnRequest = super.createAuthnRequest();

                //update AuthRequest
                return authnRequest;
        }

}

 @arunpatidar 

 @pavan_ainampudi 

Views

705

Replies

8
Sign in to like this content

Total Likes

Translate
Translate
8 Replies

Avatar

Community Advisor
Community Advisor
7/1/24 12:47:24 AM

Hi @pradeep8910 
Can you please check this 

https://medium.com/@lars.auffarth/building-an-aem-custom-authentication-handler-for-okta-openid-conn...

 

I just tried with ChatGPT, can you also try this.

 

Spoiler
ChatGPT Response

 

Extending the out-of-the-box (OOTB) AEM com.adobe.granite.auth.saml.SamlAuthenticationHandler requires creating a custom OSGi service that inherits from this class. This can allow you to add or override functionality to meet your specific requirements.

Here's a step-by-step guide to extending the SamlAuthenticationHandler in AEM:

 

Create a new class in your AEM project that extends SamlAuthenticationHandler.

package com.yourcompany.aem.custom.auth.saml;

import com.adobe.granite.auth.saml.SamlAuthenticationHandler;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.api.auth.Authenticator;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.scripting.SlingScriptHelper;
import org.apache.sling.api.scripting.SlingScriptHelperProvider;
import org.osgi.service.component.ComponentContext;

import javax.jcr.Session;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Map;

@Component(
        immediate = true,
        label = "Custom SAML Authentication Handler",
        description = "Custom SAML Authentication Handler that extends the OOTB SAML Authentication Handler"
)
@Service(Authenticator.class)
public class CustomSamlAuthenticationHandler extends SamlAuthenticationHandler {

    @Override
    protected void activate(ComponentContext context) {
        super.activate(context);
        // Custom activation logic if needed
    }

    @Override
    protected void deactivate(ComponentContext context) {
        // Custom deactivation logic if needed
        super.deactivate(context);
    }

    @Override
    public boolean authenticate(HttpServletRequest request, HttpServletResponse response) {
        // Custom authentication logic if needed
        return super.authenticate(request, response);
    }

    @Override
    public void dropCredentials(HttpServletRequest request, HttpServletResponse response) {
        // Custom drop credentials logic if needed
        super.dropCredentials(request, response);
    }

    @Override
    public void login(HttpServletRequest request, HttpServletResponse response) {
        // Custom login logic if needed
        super.login(request, response);
    }
}

 

Create an OSGi configuration file for your custom authentication handler.

// Create a file named `com.yourcompany.aem.custom.auth.saml.CustomSamlAuthenticationHandler.config`
enabled=B"true"
path="[/content]"
service.ranking=5000

 

 

 

 



Arun Patidar

Views

697

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 3
Level 3
7/1/24 1:06:12 AM
In response to arunpatidar

hi @arunpatidar ,

We are not able to extend OOTB SamlAuthenticationhandler  because

1) exported packages of OOTB bundle is empty. Even though we use it in our code base this might not be resolved in AEM instance

2) not able to find the same version in maven repo

pradeep8910_1-1719821159980.png

 

Views

677

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
7/1/24 1:58:22 AM

Hi @pradeep8910 
You can use the org.apache.sling.auth.core.spi.AuthenticationInfoPostProcessor
For the same purpose  like this

@Component(service=AuthenticationInfoPostProcessor.class,
        immediate = true)
@Designate(ocd = SAMLResponsePostProcessorImpl.Configuration.class)
public class SAMLResponsePostProcessorImpl implements AuthenticationInfoPostProcessor {
 
    public static final Logger LOG = LoggerFactory.getLogger(SampleAuthenticationInfoPostProcessor.class);

@ObjectClassDefinition(name = "Value Store SAML Post Processor Configuration", description = "Configurations SAML Post Processor")
    public @interface Configuration {

        @AttributeDefinition(name = "Enable SAML post-login verification", type = AttributeType.BOOLEAN)
        boolean enabled() default false;
    }
     
    @Override
    public void postProcess(AuthenticationInfo info, HttpServletRequest request, HttpServletResponse response) {
 
        if(info == null) {
            LOG.debug("AuthenticationInfo is null. " + "Skip post processing this request.");
            return;
        }
        String userId = info.getUser();
        if (StringUtils.isNotBlank(userId)) {
           /*Write your custom code here*/
        }
    }
 
    protected void activate(final ComponentContext componentContext) {
        final Dictionary<?, ?> properties = componentContext.getProperties();
 
    }
}

 Reference : https://hashimkhan.in/aem-adobecq5-code-templates/post-processor/

 

Views

670

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 3
Level 3
7/1/24 4:00:08 AM
In response to pulkitvashisth

hi @pulkitvashisth ,

 

Our requirement is to update the Authn request while we rediect to IDP provider. so we cant use post processor

Views

617

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee Advisor
Employee Advisor
7/1/24 4:27:03 AM

Why is the OOTB SAML authentication not enough? What do you want to achieve?

Views

607

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 3
Level 3
7/1/24 5:31:56 AM
In response to Jörg_Hoh

 The request was to pass emailid as login_hint with as a queryparam in  SAML AuthnRequest . This is solve some consumer identification issue for certain b2c consumers in azure AD, this was proposed by our azure team

Views

582

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee Advisor
Employee Advisor
7/17/24 12:29:34 PM
In response to pradeep8910

Let me phrase it differently: What do you want to achieve with passing the emailid as a query parameter? 

Views

428

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Administrator
Administrator
7/8/24 11:00:41 AM

@pradeep8910 Did you find the suggestion helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you! 



Kautuk Sahni

Views

487

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Dependency issues when PDF Services SDK is installed on AEM 6.5.21

Views

192

Likes

0

Replies

1
AEM Event listener - AEM 6.5

Views

182

Likes

0

Replies

2
Pages count in AEM Launches

Views

184

Likes

0

Replies

2
Best Practices for Implementing Adobe Experience Manager (AEM) in 2024

Views

228

Likes

0

Replies

0
Modify the paraformat options within the AEM RTE of the Text Core Component

Views

289

Likes

0

Replies

5