Hi,
We are trying to configure the SAML Authentication Handler on publish instances so that content under a private/secure folder can only be accessed after the user logs in.
Private/secure folders can be under multiple content paths, for example /content/mycompany/abc/secure or /content/mycompany/xyz/secure or /content/mycompany/123/def/secure and so on.
Is it feasible to configure a wildcard path, for example /content/*/secure, or to match if the path contains secure or private, so that I need not list all individual paths?
Any suggestions on this would be appreciated.
Thanks,
Srikanth
As far as I can check, this is not possible and you need to use multiple SAML configurations to achieve that. Explanation below:
Check [1] for a detailed explanation.
Hi Srikanth,
As per my experience, it is not feasible to add a wildcard in the path folder.
If the path is /, then /saml_login is the ACS endpoint.
If the path is /content, then /content/saml_login is the ACS endpoint.
The Assertion Consumer Service (ACS) URL is the endpoint in AEM that consumes the SAML response, and it is set at the IDP end.
Therefore, if we have a wildcard in the path, we will not be able to fetch the exact ACS endpoint.
Thanks for your response JaideepBrar and tanyakapila.
My problem statement is: we have multiple content folders, and inside each such folder we are planning to have public and private/secure folders. For example, consider the folders below:
In the above scenario, when a user tries to access pages under a secure folder, the user must be prompted for login, whereas this is not required for public content. Will adding public folders to the Apache Sling Authentication Service to exclude them (-/content/mycompany/abc/public) solve my problem?
I am going to try this and post my observations, but would like to get the above approach validated by you guys.
Thanks for the help.
Adding (-/content/mycompany/abc/public) to the Apache Sling Authentication Service will exclude that page from authentication entirely, and SAML will not be triggered on those pages.
Basically, "Apache Sling Authentication Service" is the first layer of authentication that determines which content is allowed/denied, and if the content is denied, requests are then routed to authentication handlers (OOTB Sling or SAML) depending on the setup.
Thanks JaideepBrar,
The above approach seems to address my problem; however, I need to test all possible scenarios.
In Apache Sling Authentication Service, I have excluded public folders but allowed the root content folder, i.e. +/content/mycompany & -/content/mycompany/abc/public.
When I access any page under the public folder, the SAML handler is not triggered, but for other pages I am asked to sign in.
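The +/- entries discussed in this thread can be checked offline before they go into the Apache Sling Authentication Service configuration. The following is an added example, not code from the thread or from Sling: a simplified model that assumes the most specific (longest) matching entry decides and that a match only counts on a `/` or `.` boundary; the function names, the `default` parameter and the sample request paths are constructed for illustration.

```python
# Added example: simplified model of Sling "Authentication Requirements" matching.
# Assumptions: "+" or no prefix = login required, "-" = anonymous allowed, and
# the longest matching path entry decides.

# Entries from the thread's final post.
THREAD_CONFIG = ["+/content/mycompany", "-/content/mycompany/abc/public"]

def parse_requirements(entries):
    """Return [(path, requires_login)] sorted most specific (longest) first."""
    rules = []
    for entry in entries:
        entry = entry.strip()
        if not entry:
            continue
        requires = not entry.startswith("-")
        path = entry[1:] if entry[0] in "+-" else entry
        rules.append((path.rstrip("/") or "/", requires))
    return sorted(rules, key=lambda rule: len(rule[0]), reverse=True)

def covers(rule_path, request_path):
    """Prefix match that only counts on a '/' or '.' boundary (assumed)."""
    if rule_path == "/" or request_path == rule_path:
        return True
    return (request_path.startswith(rule_path)
            and request_path[len(rule_path)] in "/.")

def requires_login(rules, request_path, default=True):
    """default models the instance-wide setting used when no entry matches."""
    for rule_path, requires in rules:
        if covers(rule_path, request_path):
            return requires
    return default

def audit(entries, request_paths):
    """Map each request path to True (login required) or False (anonymous)."""
    rules = parse_requirements(entries)
    return {path: requires_login(rules, path) for path in request_paths}

if __name__ == "__main__":
    # Constructed request paths built from the folder names in the thread.
    samples = [
        "/content/mycompany/abc/public/page.html",
        "/content/mycompany/abc/secure/page.html",
        "/content/mycompany/xyz/public/page.html",   # not excluded: still gated
        "/content/mycompany/abc/public-archive/a.html",  # sibling, not covered
    ]
    for path, gated in audit(THREAD_CONFIG, samples).items():
        print(f"{'LOGIN' if gated else 'ANON '}  {path}")
```

With `+` on the root content folder, a public folder that is missing from the exclusion list ends up behind the login rather than exposed, so each public folder needs its own `-` entry.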