Hi,
We have a requirement to customize the digital forms on AEM 6.5 based on each customer.
Currently, the AEM is placed within the intranet and is not accessible by anyone outside. Once AEM publish is placed outside the intranet and can be accessed by the customers, we have a requirement to capture customer details. I am looking for different ways to authenticate AEM publish, without using LDAP or SSO, as the users are typically external customers and not employees.
Kindly suggest different methods. Thank you.
Hi @SmrithiGo,
You can implement a custom authentication handler that validates users against an external token or API. This approach works well if you have an existing customer database or external system. Reference
While typically used with corporate SSO, SAML can work for external customers if you have a dedicated Identity Provider. AEM 6.5 includes built-in SAML 2.0 Authentication Handler support: Reference
If you want to allow customers to authenticate using their existing accounts (Google, Facebook, etc.), implement OAuth. AEM supports custom OAuth provider implementation. Reference
Thanks @giuseppebaglio, for your response. I believe the first or the second one is the best possible in our use case.
Hello @SmrithiGo
Please refer to the Official Documentation: https://experienceleague.adobe.com/en/docs/experience-manager-learn/foundation/authentication/authen...
for a consolidated view into the authentication mechanisms supported by AEM 6.5.
1. Forms-Based Authentication
   - Create custom login and registration forms for users.
   - Store user data in AEM or an external customer database.
   - User management, password reset, and profile features fully customizable.
2. Token-Based Authentication (Encapsulated Token)
   - Authenticate users and issue secure stateless tokens.
   - Scales easily across multiple publish instances.
   - Suitable for custom login flows.
3. Social Login via OAuth/OpenID Connect
   - Enable login using Google, Facebook, etc.
   - AEM supports OAuth/OIDC.
   - Reduces registration friction for customers.
4. SAML 2.0 Integration (External Identity Provider)
   - Integrate with a third-party customer identity provider (like Auth0, Okta).
   - Requires setup of a SAML-compliant IdP for consumer-facing authentication.
5. Basic Authentication
   - HTTP Basic Auth for simple access control.
   - NOT recommended for public/external customer-facing websites.
Hi @muskaanchandwani, thanks for your response.
What I can understand from the documentation is that Basic authentication, Forms-based and Token-based are best when AEM is the canonical identity provider.
In our case, it is not. The customer information is not saved or handled by AEM, but by a separate external system.
So we have the following options:
Since the pages are accessed by external customers, I believe LDAP, SSO and SAML will not be an option. So the remaining would be OAuth or OpenID.
If the customer information is in an external database and is not stored in AEM, can you suggest the best of these approaches? Thanks
Hello @SmrithiGo
Yes, Basic, Forms-based, and Token-based authentication mechanisms are best suited when AEM itself acts as the canonical identity provider.
Since in your case the customer information is managed entirely by an external system and not stored within AEM, an approach that may better fit your setup is using OAuth 2.0 or OpenID Connect (OIDC) integration.