AEM Single Sign On using OAuth 2 (AEM 6.1)

Sagar_Sane

20-04-2017

Hello all,

I wanted to confirm this. I know AEM has out of the box support for Single Sign On using SAML (https://docs.adobe.com/docs/en/aem/6-2/deploy/configuring/single-sign-on.html). However, we have a requirement where the client prefers to use OAuth for Single Sign On instead of SAML.

Is that possible in AEM 6.1 (vanilla) Out of the box? Or would we have to implement a customer login module to do that?

Thank you.

Sagar Sane

Accepted Solutions (1)

MC_Stuff

20-04-2017

Hi Sagar,

Firstly, OAuth is not SSO, though there are some similarities. OAuth and SSO are each for different use cases.

AEM provides OAuth out of the box. On top of it, the OOB Facebook integration, market cloud, etc. already make use of that framework. Watch https://docs.adobe.com/ddc/en/gems/oauth-server-functionality-in-aem---embrace-federation-and-unlea.... for more details.

Thanks,

Answers (6)

digarg
Employee

17-10-2020

Hi @Sagar_Sane: did you get any leads there? Any references?

davidm57823599

13-10-2017

As a first configuration step, it looks like you need to set up an OAUTH Granite Application and Provider configuration, using the Client ID and Provider ID created by your provider. Then save the Granite OAUTH Authentication Handler to enable it (you just have to save it with no configuration change, apparently, or add node info here, I think). https://aemcorner.com/adobe-granite-oauth-authentication-handler/

davidm57823599

13-10-2017

Yes, I am looking for the same - I want to configure AEM on a particular node to use an OAUTH provider (Okta OIDC) to provide single sign-on.

Sagar_Sane

25-04-2017

Hi MC Stuff,

Okay, thank you for your response. I'll take a look at it again.

I appreciate the help!

Sincerely,

Sagar Sane

MC_Stuff

25-04-2017

Hi Sagar,

I have watched the presentation almost 10 times to get a solid understanding, and Antonia has confirmed that it has both server and client. In fact, the location to configure the client is [A]. If you have used the Adobe Marketing Cloud (AMC) and AEM integration, the AMC itself is using the OAuth client. Documentation needs major improvement in this area; reach out to the official support channel for further detailed steps. You can make use of a Provider if additional information needs to be passed during the authorization process.

[A]   http://host:port/libs/granite/oauth/content/clients.html

Thanks,

Sagar_Sane

23-04-2017

Thanks MC Stuff!

Yes, that makes sense to me. However, I did take a look at the OAuth integration mentioned https://docs.adobe.com/ddc/en/gems/oauth-server-functionality-in-aem---embrace-federation-and-unlea.... However, I think that shows OAuth Server support in AEM. I think if I have to simulate SSO behavior using OAuth, I think my need is to use AEM as an OAuth client instead. So an OAuth Client (AEM) -> OAuth Server (non-AEM) instead of OAuth Client (non-AEM) -> OAuth Server (AEM).

To give a little more context -- the client has the below functionality on a non-AEM system today and wants to migrate it to AEM. They are essentially simulating single sign on (but not in its true sense) to protect a sub-tree in the system using OAuth based authorization system.

Below are the details -

- For a sub-domain or a sub-directory (i.e., something.example.com OR example.com/something) that maps to a landing page in the content tree (say /content/example/something/landing-page), if the user is not Authorized already, he should be taken to a Login Screen on an enterprise system that is a NetIQ system. 

- From there the user logs in using Corporate Credentials. The user is authenticated on the NetIQ system and it sends back an OAuth Token. AEM then validates that token and the user is then served the landing-page.

This example has a sample implementation of the OAuth Provider. Do you think this is the right approach for what I am trying to do?

Also, to clarify -- the use case for me is to use AEM as an OAuth client on the publish instances and not author instances.

Please let me know your thoughts.

Thanks,

Sagar Sane
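
The flow described in the post above (protected subtree, redirect to the enterprise login, token check, then serve the landing page), sketched from the OAuth client's side as an added example that is not part of the original thread and not AEM or NetIQ code. The endpoint URL, client ID, redirect URI, session dictionary and the introspection-style `token_info` fields (`active`, `exp`, `client_id`, `sub`) are assumptions made for illustration.

```python
import hmac
import secrets
import time
from urllib.parse import urlencode

# All values below are placeholders constructed for this example.
PROTECTED_PREFIX = "/content/example/something/"
AUTHORIZE_URL = "https://login.example.com/oauth/authorize"
CLIENT_ID = "aem-publish-client"
REDIRECT_URI = "https://example.com/oauth/callback"


def needs_login(path, session):
    """Only the protected subtree requires an authenticated session."""
    return path.startswith(PROTECTED_PREFIX) and "user" not in session


def begin_login(path, session):
    """Remember the requested page and build the authorization redirect."""
    session["oauth_state"] = secrets.token_urlsafe(32)  # unguessable, per session
    session["return_to"] = path
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI,
                       "state": session["oauth_state"]})
    return f"{AUTHORIZE_URL}?{query}"


def finish_login(returned_state, token_info, session, now=None):
    """Validate the callback; return the page to serve, or None to reject."""
    expected = session.pop("oauth_state", None)  # single use: blocks replay
    return_to = session.pop("return_to", None)
    # The state must be the one issued to this browser session.
    if not expected or not hmac.compare_digest(
            expected.encode(), str(returned_state).encode()):
        return None
    now = time.time() if now is None else now
    # token_info: what the authorization server reports about the token.
    if not token_info.get("active") or token_info.get("exp", 0) <= now:
        return None
    if token_info.get("client_id") != CLIENT_ID:  # issued to another client
        return None
    if not token_info.get("sub"):
        return None
    # Resume only inside the protected subtree, never at an arbitrary URL.
    if not return_to or not return_to.startswith(PROTECTED_PREFIX):
        return None
    session["user"] = token_info["sub"]
    return return_to
```

The `state` comparison ties the callback to the session that started the login, and the `client_id` check rejects tokens that were issued to a different application.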