Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Are multiple implementations of AuthenticationInfoPostProcessor supported?

Avatar

Level 2

Working in AEM 6.4 and in process of migrating to 6.5, wondering if AEM supports multiple SAML implementations? And if so, can i also have multiple classes that extend AuthenticationInfoPostProcessor?

 

I can't find anything in the docs about this.

 

Any help would be great,

1 Accepted Solution

Avatar

Correct answer by
Level 2

Yes, multiple implementations are supported. Note that each will be invoked (in no specific order) so you will need to have each implementation only process the applicable logins.

e.g. Suppose you want to have two websites in AEM protected by two distinct postProcess implementations. Consider something like this:

public abstract class AbstractAuthenticationPostProcessor implements AuthenticationInfoPostProcessor {
  protected PostProcessorHandler getHandler(HttpServletRequest request) {
    String path = request.getRequestURI();

    if (path.startsWith("/content/siteA") {
      return PostProcessorHandler.SiteA;
    }
    if (path.startsWith("/content/siteB") {
      return PostProcessorHandler.SiteB;
    }
    return PostProcessorHandler.None
  }

  protected enum PostProcessorHandler {
      SiteA,
      SiteB,
      None
  }
}

Then in each of the implementations of the postprocessors do this:

public class SiteAPostProcessor extends AbstractAuthenticationPostProcessor {
  @Override
  public void postProcess(
    AuthenticationInfo authenticationInfo,
    HttpServletRequest request,
    HttpServletResponse response) {

    if (getHandler(request) != AuthenticationHandler.SiteA) {
        return;
    }

    // do post login tasks
  }
}

View solution in original post

1 Reply

Avatar

Correct answer by
Level 2

Yes, multiple implementations are supported. Note that each will be invoked (in no specific order) so you will need to have each implementation only process the applicable logins.

e.g. Suppose you want to have two websites in AEM protected by two distinct postProcess implementations. Consider something like this:

public abstract class AbstractAuthenticationPostProcessor implements AuthenticationInfoPostProcessor {
  protected PostProcessorHandler getHandler(HttpServletRequest request) {
    String path = request.getRequestURI();

    if (path.startsWith("/content/siteA") {
      return PostProcessorHandler.SiteA;
    }
    if (path.startsWith("/content/siteB") {
      return PostProcessorHandler.SiteB;
    }
    return PostProcessorHandler.None
  }

  protected enum PostProcessorHandler {
      SiteA,
      SiteB,
      None
  }
}

Then in each of the implementations of the postprocessors do this:

public class SiteAPostProcessor extends AbstractAuthenticationPostProcessor {
  @Override
  public void postProcess(
    AuthenticationInfo authenticationInfo,
    HttpServletRequest request,
    HttpServletResponse response) {

    if (getHandler(request) != AuthenticationHandler.SiteA) {
        return;
    }

    // do post login tasks
  }
}