Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.

Extending SAML authentication handler to post process saml reponse object for group attribute

Avatar

Level 3

We have an issue in integrating salesforce IDP with AEM. SF cant send the group atttribute in the AEM required format like this 

<Attribute Name="GroupMembership">
    <AttributeValue>Group1</AttributeValue>
    <AttributeValue>Group2</AttributeValue>
</Attribute>

but it will send the data like 

<Attribute Name="GroupMembership">
    <AttributeValue>Group1, Group2....</AttributeValue>
</Attribute>

We need to somehow read this attribute and assign the user with proper groups. It is for the publisher and we shall be using CUG concept. Not sure if we have write our own auth handler just to update thsi one field or can we extend the SAML auth handler and over ride create group method? Any suggestion or help would be appreciated,

1 Reply

Avatar

Level 2

@Ravi_KS  - was this issue resolved we have similar issue.