
SOLVED

AEM6- Authentication via ADFS for corporate/Internal users


Level 2

Please see if anybody can help me on below use case by suggesting a solution.

We have our internal users (company staff) in ADFS and external users in the AEM repository. The requirement is that when any internal user tries to access the application URL from the corporate network, they should be directly authenticated by ADFS using Windows authentication and land on the application home page (it doesn't matter even if they don't exist in the AEM repo).

Whereas when an external user (who will exist in the AEM repo) tries to access the application URL (obviously from outside the office network), they should be challenged for user credentials (the login page will be shown to them).

Can we achieve this using the SAML authentication handler? As per my understanding SAML has a limitation that users must exist in the AEM repo, but in our case the client doesn't want to store internal users in AEM.

Also, what would be the better approach to check whether a request comes from an internal or external user and redirect them accordingly?

1 Accepted Solution


Correct answer by
Level 4

Hi Nisha,

ADFS/SAML implementation

1. Implement a SAML server and configure ADFS as the Identity Provider inside it.

2. Connect SAML as the Auth Handler.

When an internal user tries to log in, he will be redirected to SAML, where, if the user is already logged in via ADFS, he will be authenticated in AEM automatically.

External user issue

1. Implement another login page for external users and then authenticate them using AEM users.

2. Keep a flag for all the users to identify whether they are internal or external.

Don't want to store users in AEM

1. Use an external user database and keep all the users in that DB.

2. Create a custom auth handler and authenticate all the external users against the external DB using this handler.

3. Once the user is verified in the DB, create a token (using the auth handler).

In this case you don't need to keep users in AEM.

Hope this helps.

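The accepted answer above describes an architecture rather than code: an SSO leg for staff (IdP assertion trusted only because it is signed), a separate credential check for partners against a store outside the repository, and a token carrying an internal/external flag. The following is an added, language-neutral model of that handler chain written for this page; it is not Adobe's, Sling's or the answer author's code and does not use the AEM APIs (in a real deployment this logic lives in an OSGi `AuthenticationHandler` service and the IdP leg is the SAML authentication handler). The signed "assertion" is a deliberately simplified stand-in for a SAML response, and every secret, salt, user name and issuer URL is constructed for the example.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed secrets and identifiers; a real deployment loads keys from a secret
# store and takes the issuer from the ADFS federation metadata.
IDP_SHARED_SECRET = b"constructed-idp-signing-key"   # stands in for the IdP's signing key
TOKEN_SECRET = b"constructed-login-token-key"        # key that signs the login token
TOKEN_TTL_SECONDS = 3600
EXPECTED_ISSUER = "https://adfs.example.invalid/adfs/services/trust"  # placeholder


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()


# --- External user store (stands in for the answer's "external DB") -----------------
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


_JANE_SALT = b"constructed-salt-partner-jane"  # real stores draw a random salt per user
EXTERNAL_USERS = {"partner.jane": (_JANE_SALT, _hash_password("correct horse battery", _JANE_SALT))}


def check_external_credentials(user: str, password: str) -> bool:
    """Verify a form login against the external store, never the AEM repository."""
    record = EXTERNAL_USERS.get(user)
    if record is None:
        _hash_password(password, b"constructed-dummy-salt")  # same cost for unknown users
        return False
    salt, stored = record
    return hmac.compare_digest(stored, _hash_password(password, salt))


# --- IdP assertion: a deliberately simplified stand-in for a signed SAML response -----
def make_idp_assertion(subject: str, expires: float, issuer: str = EXPECTED_ISSUER) -> dict:
    payload = json.dumps({"issuer": issuer, "subject": subject, "expires": expires},
                         sort_keys=True).encode()
    return {"payload": _b64(payload), "sig": _b64(_sign(IDP_SHARED_SECRET, payload))}


def verify_idp_assertion(assertion: dict, now: float) -> Optional[str]:
    """Return the asserted subject only if signature, issuer and expiry all check out."""
    try:
        payload = _unb64(assertion["payload"])
        sig = _unb64(assertion["sig"])
    except (KeyError, TypeError, ValueError):
        return None
    if not hmac.compare_digest(sig, _sign(IDP_SHARED_SECRET, payload)):
        return None
    claims = json.loads(payload)
    if claims.get("issuer") != EXPECTED_ISSUER or claims.get("expires", 0) <= now:
        return None
    return claims.get("subject")


# --- Login token: carries the internal/external flag the answer recommends -----------
def issue_token(user: str, origin: str, now: float) -> str:
    payload = json.dumps({"user": user, "origin": origin, "exp": now + TOKEN_TTL_SECONDS},
                         sort_keys=True).encode()
    return _b64(payload) + "." + _b64(_sign(TOKEN_SECRET, payload))


def verify_token(token: str, now: float) -> Optional[dict]:
    try:
        body, sig = token.split(".", 1)
        payload = _unb64(body)
        if not hmac.compare_digest(_unb64(sig), _sign(TOKEN_SECRET, payload)):
            return None
        claims = json.loads(payload)
    except (ValueError, TypeError):
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims


# --- Handler chain: token, then IdP assertion, then form login, else challenge -------
def handle_request(request: dict, now: float) -> tuple:
    """Return ("ok", user, origin, token) or ("challenge", None, None, None)."""
    token = request.get("cookies", {}).get("login-token", "")
    claims = verify_token(token, now)
    if claims:
        return "ok", claims["user"], claims["origin"], token
    assertion = request.get("idp_assertion")
    if assertion:
        subject = verify_idp_assertion(assertion, now)
        if subject:
            return "ok", subject, "internal", issue_token(subject, "internal", now)
    form = request.get("form", {})
    if check_external_credentials(form.get("user", ""), form.get("password", "")):
        return "ok", form["user"], "external", issue_token(form["user"], "external", now)
    return "challenge", None, None, None
```

Two points the model makes explicit: the internal/external flag is set by whichever leg actually authenticated the request and then sealed into the signed token, so a client cannot claim to be internal by sending a header or a form field; and an unsigned, tampered, expired or wrongly issued assertion falls through to the same "challenge" outcome as a bad password, so the login page (not an error revealing which check failed) is what an unauthenticated request sees.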

3 Replies


Level 2

I have the same issue, keen to hear how this progresses


Level 10

I recommend watching this GEMS session done with Adobe Experts -- Utilizing SAML in AEM deployments
