Expand my Community achievements bar.

July 31st AEM Gems Webinar: Elevate your AEM development to master the integration of private GitHub repositories within AEM Cloud Manager.

Custom Authentication Handler for AEM DAM Assets(link fro AEM sites)


Level 1

I am trying to follow this for building Custom Authentication Handler - My intension is to Gate the assets and redirect to SSO when trying to access a DAM asset link from AEM Sites. I am using AEMaaCS.

Adobe CQ/Adobe AEM: How to Create Custom Authentication Handler in CQ (wemblog.com)


It's not working for any links /content/dam/<project>


Any one implemented this? any leads would be helpful - Thank you!


Topics help categorize Community content and increase your ability to discover relevant content.

2 Replies


Level 9
To implement a custom authentication handler for gating AEM DAM assets and redirecting to SSO when accessing them from AEM Sites, you can follow these steps:
  • Create a new bundle project using Maven and include the required AEM APIs like org.apache.sling.auth.core in your pom.xml dependencies.
  • Implement the org.apache.sling.auth.core.spi.AuthenticationHandler interface and override the required methods like extractCredentials, requestCredentials, authenticationSucceeded, and authenticationFailed.
  • In the extractCredentials method, check if the requested resource is a DAM asset (e.g., /content/dam/). If so, extract the user's credentials from the request headers or cookies.
  • Implement the requestCredentials method to redirect the user to your SSO login page if no valid credentials are found.
  • In the authenticationSucceeded method, set the appropriate authentication requirements and headers for the requested DAM asset.
  • Register your custom authentication handler as an OSGi service by creating a component XML file in the bundle.
  • Install and start the bundle in your AEM instance.
  • Configure the authentication handler in the Apache Sling Authentication Service by adding it to the list of authentication handlers at /system/console/configMgr/org.apache.sling.engine.impl.auth.SlingAuthenticator.
By following these steps, your custom authentication handler should be able to gate AEM DAM assets and redirect users to your SSO login page when accessing them from AEM Sites


Level 1

As I mentioned and shared link above - this approach is only working for AEM assets /content/<project> but not working for DAM Assets /content/dam/<project> 

I want an implementation approach for making Assets gated