AEM SAML 2.0 Authentication Handler | AEM Community Discussion

kautuk_sahni
Community Manager

02-06-2020

AEM SAML 2.0 Authentication Handler by Adobe

Abstract

AEM ships with a SAML authentication handler. This handler provides support for the SAML 2.0 Authentication Request Protocol (Web-SSO profile) using the HTTP POST binding.
It supports:
1. signing and encryption of messages
2. automatic creation of users
3. syncing groups to existing ones in AEM
4. Service Provider and Identity Provider initiated authentication
This handler stores the encrypted SAML response message in the user-node (usernode/samlResponse) to facilitate communication with a third-party Service Provider.

Q&A

Please use this thread to ask the related questions.

Replies

nishaSharma
Level 1

04-06-2020

We have a use case like this: we have integrated AEM SAML (OOTB) with Azure AD for user authentication. Now, in Azure they have a limitation that they can provide a max of 150 groups (that the user belongs to) in the SAML response. In our case we have some users who belong to more than 150 groups, and in this case in the SAML response we get a URL link in place of group information. The user gets authenticated from Azure but couldn't land on any AEM screen, as the SAML response doesn't contain group information to redirect the user to an authorized page. The Azure team says we need to call a REST MS Graph API to get group information in such a case using that link.

Can anyone suggest how we can achieve this? Do we need to write a custom SAML authentication handler? How do we call the Graph APIs?
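The overage case described in the question above, as an added example that is not part of this thread and is not AEM's handler code: it classifies a decoded assertion as carrying inline groups, an overage link, or no group data. The class name and the sample assertion are constructed; the two attribute names are the ones Azure AD documents for SAML tokens and do not come from the thread.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class GroupOverageCheck { // hypothetical class name
    static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String GROUPS = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups";
    static final String GROUPS_LINK = "http://schemas.microsoft.com/claims/groups.link";

    /** Parse with DOCTYPEs rejected so a crafted response cannot trigger XXE. */
    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml))).getDocumentElement();
    }

    /** Values of the named SAML Attribute; empty when the attribute is absent. */
    static List<String> values(Element assertion, String name) {
        List<String> out = new ArrayList<>();
        NodeList attrs = assertion.getElementsByTagNameNS(SAML_NS, "Attribute");
        for (int i = 0; i < attrs.getLength(); i++) {
            Element a = (Element) attrs.item(i);
            if (!name.equals(a.getAttribute("Name"))) continue;
            NodeList vals = a.getElementsByTagNameNS(SAML_NS, "AttributeValue");
            for (int j = 0; j < vals.getLength(); j++) out.add(vals.item(j).getTextContent().trim());
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an assertion for a user over the group limit (placeholder URL).
        String xml = "<Assertion xmlns=\"" + SAML_NS + "\"><AttributeStatement>"
            + "<Attribute Name=\"" + GROUPS_LINK + "\"><AttributeValue>"
            + "https://graph.example.invalid/TENANT-ID/users/OBJECT-ID/getMemberObjects"
            + "</AttributeValue></Attribute></AttributeStatement></Assertion>";
        Element assertion = parse(xml);
        List<String> groups = values(assertion, GROUPS);
        List<String> link = values(assertion, GROUPS_LINK);
        if (!groups.isEmpty()) System.out.println("inline groups: " + groups);
        else if (!link.isEmpty()) System.out.println("overage, groups must be looked up: " + link.get(0));
        else System.out.println("no group information in assertion");
    }
}
```

Run the check only on an assertion whose signature has already been validated. Treat the link value as a signal that a lookup is needed, not as a URL to fetch blindly; call the Graph endpoint configured for your tenant.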

kautuk_sahni
Community Manager

05-06-2020

This is interesting. I request you to please create a separate question for this one. This could be used for posterity. 

nishaSharma
Level 1

05-06-2020

Thanks.

Please let me know where I can post this question. I am looking for the solution ASAP for implementing this in our project.

-Nisha