We are trying to extend OOTB AEM com.adobe.granite.auth.saml.SamlAuthenticationHandler, but since this bundle does not have any exported packages in AEM . We are not able to extend the functionality.
public class CustomSamlAuthHandler extends SamlAuthenticationHandler {
protected AuthnRequest createAuthnRequest() {
AuthnRequest authnRequest = super.createAuthnRequest();
//update AuthRequest
return authnRequest;
}
}
Hi @pradeep8910
Can you please check this
I just tried with ChatGPT, can you also try this.
Extending the out-of-the-box (OOTB) AEM com.adobe.granite.auth.saml.SamlAuthenticationHandler
requires creating a custom OSGi service that inherits from this class. This can allow you to add or override functionality to meet your specific requirements.
Here's a step-by-step guide to extending the SamlAuthenticationHandler
in AEM:
Create a new class in your AEM project that extends SamlAuthenticationHandler
.
package com.yourcompany.aem.custom.auth.saml;
import com.adobe.granite.auth.saml.SamlAuthenticationHandler;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.api.auth.Authenticator;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.scripting.SlingScriptHelper;
import org.apache.sling.api.scripting.SlingScriptHelperProvider;
import org.osgi.service.component.ComponentContext;
import javax.jcr.Session;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Map;
@Component(
immediate = true,
label = "Custom SAML Authentication Handler",
description = "Custom SAML Authentication Handler that extends the OOTB SAML Authentication Handler"
)
@Service(Authenticator.class)
public class CustomSamlAuthenticationHandler extends SamlAuthenticationHandler {
@Override
protected void activate(ComponentContext context) {
super.activate(context);
// Custom activation logic if needed
}
@Override
protected void deactivate(ComponentContext context) {
// Custom deactivation logic if needed
super.deactivate(context);
}
@Override
public boolean authenticate(HttpServletRequest request, HttpServletResponse response) {
// Custom authentication logic if needed
return super.authenticate(request, response);
}
@Override
public void dropCredentials(HttpServletRequest request, HttpServletResponse response) {
// Custom drop credentials logic if needed
super.dropCredentials(request, response);
}
@Override
public void login(HttpServletRequest request, HttpServletResponse response) {
// Custom login logic if needed
super.login(request, response);
}
}
Create an OSGi configuration file for your custom authentication handler.
// Create a file named `com.yourcompany.aem.custom.auth.saml.CustomSamlAuthenticationHandler.config`
enabled=B"true"
path="[/content]"
service.ranking=5000
hi @arunpatidar ,
We are not able to extend OOTB SamlAuthenticationhandler because
1) exported packages of OOTB bundle is empty. Even though we use it in our code base this might not be resolved in AEM instance
2) not able to find the same version in maven repo
Hi @pradeep8910
You can use the org.apache.sling.auth.core.spi.AuthenticationInfoPostProcessor
For the same purpose like this
@Component(service=AuthenticationInfoPostProcessor.class,
immediate = true)
@Designate(ocd = SAMLResponsePostProcessorImpl.Configuration.class)
public class SAMLResponsePostProcessorImpl implements AuthenticationInfoPostProcessor {
public static final Logger LOG = LoggerFactory.getLogger(SampleAuthenticationInfoPostProcessor.class);
@ObjectClassDefinition(name = "Value Store SAML Post Processor Configuration", description = "Configurations SAML Post Processor")
public @interface Configuration {
@AttributeDefinition(name = "Enable SAML post-login verification", type = AttributeType.BOOLEAN)
boolean enabled() default false;
}
@Override
public void postProcess(AuthenticationInfo info, HttpServletRequest request, HttpServletResponse response) {
if(info == null) {
LOG.debug("AuthenticationInfo is null. " + "Skip post processing this request.");
return;
}
String userId = info.getUser();
if (StringUtils.isNotBlank(userId)) {
/*Write your custom code here*/
}
}
protected void activate(final ComponentContext componentContext) {
final Dictionary<?, ?> properties = componentContext.getProperties();
}
}
Reference : https://hashimkhan.in/aem-adobecq5-code-templates/post-processor/
hi @pulkitvashisth ,
Our requirement is to update the Authn request while we rediect to IDP provider. so we cant use post processor
Why is the OOTB SAML authentication not enough? What do you want to achieve?
The request was to pass emailid as login_hint with as a queryparam in SAML AuthnRequest . This is solve some consumer identification issue for certain b2c consumers in azure AD, this was proposed by our azure team
Let me phrase it differently: What do you want to achieve with passing the emailid as a query parameter?
Views
Replies
Total Likes
@pradeep8910 Did you find the suggestion helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!
Views
Replies
Total Likes
Views
Likes
Replies