AEM SAML 2.0 Authentication Handler | AEM Community Discussion | Community
Skip to main content
kautuk_sahni
Community Manager
kautuk_sahniCommunity Manager
Community Manager
June 2, 2020

AEM SAML 2.0 Authentication Handler | AEM Community Discussion

  • June 2, 2020
  • 2 replies
  • 5718 views

BlogImage.jpg

AEM SAML 2.0 Authentication Handler by Adobe

Abstract

AEM ships with a SAML authentication handler. This handler provides support for the SAML 2.0 Authentication Request Protocol (Web-SSO profile) using the HTTP POST binding.
It supports:
1. signing and encryption of messages
2.automatic creation of users
3. synching groups to existsing ones in AEM
4. Service Provider and Identity Provider initiated authentication
This handler stores the encrypted SAML response message in the user-node ( usernode/samlResponse ) to facilitate communication with a third-party Service Provider.

Read Full Blog

AEM SAML 2.0 Authentication Handler

Q&A

Please use this thread to ask the related questions.

    This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

    2 replies

    nishaSharma
    nishaSharma
    Level 2
    June 4, 2020

    We have a usecase like: We have integrated AEM SAML(OOTB) with Azure AD for user authentication. Now In Azure they have limitation that they can provide max of 150 groups(user belongs to) in saml response. In our case we have some users who belongs to more than 150 groups and in this case in saml response we get a url link in place of group information. User gets authenticated from azure but couldn't landed up with any AEM screen as saml response doesn't contain group information to redirect user to authorized page. Azure team says we need to call a rest m/s graph api to get group information in such case using that link.

    Can anyone suggest how we can achieve this? Do we need to write custom SAML authentication handler? how to call graph apis?

      kautuk_sahni
      Community Manager
      kautuk_sahniCommunity ManagerAuthor
      Community Manager
      June 5, 2020

      This is interesting. I request you to please create a separate question for this one. This could be used for posterity. 

      Kautuk Sahni
      nishaSharma
      nishaSharma
      Level 2
      June 5, 2020

      Thanks..

       

      Please let me know where I can post this question. I am looking for the solution asap for implementing this in our project.

       

      -Nisha

      P
      Prasad
      Level 2
      April 19, 2023

      We have some different requirement 

      When AEM page request redirected to OKTA for authentication , When user got authenticated from Okta and user got created in AEM , at the same time, we Need to make third party API call and get the groups list and then assign the user to those groups in AEM.
       
      It looks like only option is Custom SAML Authentication handler. (Not just Authentication handler).

      It seems adobe is not exposing com.adobe.granite.auth.saml and  we need to create entire module.
       
       
      We are combining CUG ( closed user group with CUG) with OKTA SAML sso . If we try Authentication Info Post Processor, user is assigned to groups. But, sling authenticator called first. For first request we are getting 404 and when we refresh the page, second time it is working ( Since Sling authenticator gets called before Post processor ) 


      Any suggestions/information on this?

      Thanks in advacne.


      https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/sso-in-aem-custom-saml-authentication-handler-in-aem/td-p/588020

      Terms & ConditionsAccessibility statement

      Loading footer...