Please see if anybody can help me on the below use case by suggesting a solution.
We have our internal users (company staff) in ADFS and external users in the AEM repository. The requirement is that when any internal user tries to access the application URL from the corporate network, they should be directly authenticated by ADFS using Windows authentication and land on the application home page (it doesn't matter even if they don't exist in the AEM repo).
Whereas when an external user (who will exist in the AEM repo) tries to access the application URL (obviously from outside the office network), they should be challenged for user credentials (a login page will be shown to them).
Can we achieve this using the SAML authentication handler? As per my understanding SAML has a limitation that users must exist in the AEM repo, but in our case the client doesn't want to store internal users in AEM.
Also, what would be the better approach to check this internal and external user request to redirect them accordingly?
Hi Nisha,
ADFS/SAML implementation
1. Implement a SAML server and configure ADFS as the Identity Provider inside it.
2. Connect SAML as the auth handler.
When an internal user tries to log in, he will be redirected to SAML, where, if the user is already logged in using ADFS, he will be authenticated in AEM automatically.
External user issue
1. Implement another login page for external users and then authenticate them using AEM users.
2. Keep a flag for all the users to identify whether they are internal or external.
Don't want to store users in AEM
1. Use an external user database and keep all the users in that DB.
2. Create a custom auth handler and authenticate all the external users against the external DB using this handler.
3. Once the user is verified in the DB, create a token (using the auth handler).
In this case you don't need to keep users in AEM.
Hope this helps.
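The routing decision and the "verify against an external DB, then issue a token" step from the answer above, sketched as an added, self-contained Python example (not code from the original thread, and not AEM's own API; in AEM the same logic would live in a Java Sling AuthenticationHandler). The corporate address ranges, the trusted-proxy range, the two URLs and the external user store are all constructed assumptions. The security point it carries is that "internal" must be decided from the TCP peer, with X-Forwarded-For honoured only behind a trusted dispatcher, otherwise an outside client can spoof an internal address and skip the login page:

```python
import hashlib
import hmac
import ipaddress
import os
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

# Constructed assumptions: corporate ranges that count as "internal", the
# dispatcher/reverse-proxy range whose X-Forwarded-For header we trust, and
# the two entry points a request is sent to.
CORPORATE_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                      ipaddress.ip_network("192.168.10.0/24")]
TRUSTED_PROXIES = [ipaddress.ip_network("172.16.0.0/24")]
SAML_LOGIN_URL = "/saml_login"            # assumed SAML handler endpoint
LOGIN_FORM_URL = "/content/login.html"    # assumed external-user login page
TOKEN_KEY = secrets.token_bytes(32)       # assumed per-instance signing key
TOKEN_TTL = 3600                          # seconds a token stays valid


@dataclass
class Request:
    """Minimal stand-in for the servlet request the handler sees."""
    peer_ip: str                          # address of the TCP connection
    forwarded_for: Optional[str] = None   # X-Forwarded-For header, if any
    form: dict = field(default_factory=dict)


def client_ip(req: Request) -> ipaddress._BaseAddress:
    """X-Forwarded-For is only honoured when the TCP peer is a trusted proxy.
    An untrusted peer could otherwise claim an internal address and be sent
    down the Windows-authentication path."""
    peer = ipaddress.ip_address(req.peer_ip)
    if req.forwarded_for and any(peer in net for net in TRUSTED_PROXIES):
        # the first hop in the chain is the client as the proxy saw it
        return ipaddress.ip_address(req.forwarded_for.split(",")[0].strip())
    return peer


def is_internal(req: Request) -> bool:
    ip = client_ip(req)
    return any(ip in net for net in CORPORATE_NETWORKS)


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def make_user_store(users: dict) -> dict:
    """Constructed stand-in for the external user DB: userid -> (salt, hash)."""
    return {uid: (salt, _hash_password(pw, salt))
            for uid, pw in users.items()
            for salt in [os.urandom(16)]}


EXTERNAL_USERS = make_user_store({"alice@partner.example": "correct horse battery staple"})


def verify_external(store: dict, user: str, password: str) -> bool:
    rec = store.get(user)
    if rec is None:
        _hash_password(password, b"\x00" * 16)   # same cost for unknown users
        return False
    salt, expected = rec
    return hmac.compare_digest(_hash_password(password, salt), expected)


def issue_token(user: str, now: Optional[float] = None) -> str:
    """HMAC-signed, expiring token: user|expiry|signature."""
    exp = int(now if now is not None else time.time()) + TOKEN_TTL
    payload = f"{user}|{exp}"
    sig = hmac.new(TOKEN_KEY, payload.encode(), "sha256").hexdigest()
    return f"{payload}|{sig}"


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user id if the token is authentic and unexpired, else None."""
    try:
        user, exp, sig = token.rsplit("|", 2)
        exp = int(exp)
    except ValueError:
        return None
    good = hmac.new(TOKEN_KEY, f"{user}|{exp}".encode(), "sha256").hexdigest()
    current = now if now is not None else time.time()
    if not hmac.compare_digest(good, sig) or exp < int(current):
        return None
    return user


def handle(req: Request, store: dict = EXTERNAL_USERS) -> tuple:
    """Decide what the auth handler does with a request:
    ('redirect', url)  internal client, hand off to SAML/ADFS
    ('token', token)   external client with valid credentials
    ('login', url)     external client, show the login form"""
    if is_internal(req):
        return ("redirect", SAML_LOGIN_URL)
    user, pw = req.form.get("j_username"), req.form.get("j_password")
    if user and pw and verify_external(store, user, pw):
        return ("token", issue_token(user))
    return ("login", LOGIN_FORM_URL)
```

The token here is a plain HMAC over `user|expiry`, which is enough to show the shape of step 3; in a real deployment the key would come from a secrets store rather than be generated at startup, so that a cluster of instances can all verify it.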
I have the same issue, keen to hear how this progresses
I recommend watching this GEMS session done with Adobe Experts -- Utilizing SAML in AEM deployments