AEM6- Authentication via ADFS for corporate/Internal users | Community
nishaSharma
Level 2
February 28, 2018
Solved

Please see if anybody can help me with the use case below by suggesting a solution.

We have our internal users (company staff) in ADFS and external users in the AEM repository. The requirement is that when any internal user tries to access the application URL from the corporate network, they should be authenticated directly against ADFS using Windows authentication and land on the application home page (it doesn't matter even if they don't exist in the AEM repo).

Whereas when an external user (who will exist in the AEM repo) tries to access the application URL (obviously from outside the office network), they should be challenged for user credentials (a login page will be shown to them).

Can we achieve this using the SAML authentication handler? As per my understanding, SAML has a limitation that users must exist in the AEM repo, but in our case the client doesn't want to store internal users in AEM.

Also, what would be the better approach to check whether a request is from an internal or an external user, so as to redirect them accordingly?

3 replies

Level 2
March 5, 2018

I have the same issue, keen to hear how this progresses

smacdonald2008
Level 10
March 5, 2018

I recommend watching this GEMS session done with Adobe Experts -- Utilizing SAML in AEM deployments

navinkaushal
Accepted solution
Level 4
March 5, 2018

Hi Nisha,

ADFS/SAML implementation

1. Implement a SAML server and configure ADFS as the Identity Provider inside it.

2. Connect SAML as the auth handler.

When an internal user tries to log in, he will be redirected to SAML, where, if the user is already logged in via ADFS, he will be authenticated in AEM automatically.

External user issue

1. Implement another login page for external users and then authenticate them using AEM users.

2. Keep a flag for all users to identify whether they are internal or external.

Don't want to store users in AEM

1. Use an external user database and keep all the users in that DB.

2. Create a custom auth handler and authenticate all the external users against the external DB using this handler.

3. Once the user is verified in the DB, create a token (using the auth handler).

In this case you don't need to keep users in AEM.

Hope this helps.
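The accepted answer connects the SAML handler (ADFS as IdP) for internal users and a separate login page for external users, but leaves open the question asked in the original post: how AEM decides which of the two challenges a not-yet-authenticated request should get. The Sling authentication handler below is an added example written for this thread, not code from the answer or from Adobe: it is registered on the same path as the SAML handler with a higher service.ranking, authenticates nobody itself, and only chooses the challenge. Requests from the corporate network are declined so that Sling falls through to the SAML handler and its ADFS redirect; everyone else is redirected to the application's own login page, whose j_security_check POST is then handled by AEM's form handler against repository users. The package name, the path /content/myapp, the login page, the corporate CIDR ranges and the trusted dispatcher range are all assumptions to replace; the example is IPv4-only.

```java
package com.example.aem.auth;

import java.io.IOException;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.osgi.service.component.annotations.Component;

/**
 * Added example, not code from the thread. Sits in front of the SAML handler on the same
 * path and only chooses the challenge: corporate clients fall through to SAML (ADFS),
 * everyone else gets the login form, whose j_security_check POST is handled by AEM's
 * form handler against repository users. It authenticates nobody itself.
 */
@Component(service = AuthenticationHandler.class, property = {
        AuthenticationHandler.PATH_PROPERTY + "=/content/myapp",   // assumed application root
        "service.ranking:Integer=10000" })  // must exceed the SAML handler's ranking (see its OSGi config)
public class NetworkSplitAuthenticationHandler implements AuthenticationHandler {

    // Assumed values: corporate client ranges, and the dispatcher/proxy addresses that are
    // allowed to set X-Forwarded-For. Replace with the real ones.
    private static final List<String> CORPORATE_CIDRS = Arrays.asList("10.0.0.0/8", "192.168.0.0/16");
    private static final List<String> TRUSTED_PROXY_CIDRS = Arrays.asList("172.16.5.0/24");
    private static final String LOGIN_PAGE = "/content/myapp/login.html";   // assumed external login page

    @Override
    public AuthenticationInfo extractCredentials(HttpServletRequest request, HttpServletResponse response) {
        return null;   // "not mine": SAML reads the SAML response, the form handler reads j_username/j_password
    }

    @Override
    public boolean requestCredentials(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String client = clientAddress(request.getRemoteAddr(), request.getHeader("X-Forwarded-For"), TRUSTED_PROXY_CIDRS);
        if (client != null && matchesAny(client, CORPORATE_CIDRS)) {
            return false;   // decline: Sling moves on to the SAML handler, which redirects to ADFS
        }
        // External client (or unknown origin, fail closed): credential login page instead of the IdP redirect
        response.sendRedirect(LOGIN_PAGE + "?resource=" + URLEncoder.encode(request.getRequestURI(), "UTF-8"));
        return true;
    }

    @Override
    public void dropCredentials(HttpServletRequest request, HttpServletResponse response) {
        // no session state of its own; logout belongs to the SAML and form handlers
    }

    // X-Forwarded-For is believed only when the TCP peer is one of our proxies, and then only its
    // rightmost entry that is not itself a trusted proxy: entries further left were supplied by the
    // client and can say anything. Returns null when no trustworthy address remains.
    static String clientAddress(String remoteAddr, String forwardedFor, List<String> trustedProxies) {
        if (!matchesAny(remoteAddr, trustedProxies)) {
            return remoteAddr;   // direct connection: the peer is the client
        }
        if (forwardedFor == null || forwardedFor.trim().isEmpty()) {
            return null;         // proxy did not say who the client is
        }
        String[] hops = forwardedFor.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            if (!matchesAny(hops[i].trim(), trustedProxies)) {
                return hops[i].trim();
            }
        }
        return null;
    }

    static boolean matchesAny(String ip, List<String> cidrs) {
        try {
            long addr = ipv4(ip);
            for (String cidr : cidrs) {
                String[] parts = cidr.split("/");
                int bits = parts.length > 1 ? Integer.parseInt(parts[1]) : 32;
                long mask = bits == 0 ? 0L : (0xFFFFFFFFL << (32 - bits)) & 0xFFFFFFFFL;
                if ((addr & mask) == (ipv4(parts[0]) & mask)) {
                    return true;
                }
            }
        } catch (IllegalArgumentException e) {
            // IPv6 or junk in the header: this IPv4-only example treats it as non-matching
        }
        return false;
    }

    // Strict dotted-quad parser; avoids InetAddress so a hostname can never trigger a DNS lookup.
    private static long ipv4(String s) {
        String[] octets = s.split("\\.", -1);
        if (octets.length != 4) throw new IllegalArgumentException("not IPv4: " + s);
        long value = 0;
        for (String octet : octets) {
            int n = Integer.parseInt(octet);   // NumberFormatException is an IllegalArgumentException
            if (n < 0 || n > 255) throw new IllegalArgumentException("not IPv4: " + s);
            value = (value << 8) | n;
        }
        return value;
    }
}
```

Two caveats a practitioner should keep in mind with this approach. First, behind the dispatcher every request arrives from the dispatcher's address, so the "internal or external" decision rests entirely on X-Forwarded-For; the handler therefore only believes that header when the TCP peer is a trusted proxy and then takes the rightmost entry not belonging to a proxy. That is only sound if the dispatcher itself sets or appends the header and never passes a client-supplied X-Forwarded-For through untouched, so strip the inbound header at the edge and keep the trusted range tight. Second, the network check selects which challenge is shown; it grants nothing by itself, since ADFS still has to authenticate the internal user and the form handler still checks the external user's repository credentials. Note also that AEM's SAML handler needs a repository user to complete the login, and its "Autocreate CRX Users" option creates that user on first login, which has to be weighed against the requirement in the question that internal users not be stored in AEM.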