
Masking idpURL while waiting for authentication SAML 2.0


Level 1

Hello Community,

 

I am working on AEMasCS and for user authentication to my website, I am using SP initiated SAML 2.0 authentication.

 

The setup works in a way that when user hits https://website.url, it is redirected to idpURL mentioned in saml authentication handler configuration. Therefore, user sees https://authentication.tool.url.

Once the authentication is completed, the url comes back to actual website url.

 

How can I ensure that the user always sees the website URL, to give the user a seamless experience? All the authentication and waiting for authentication should be transparent from the address bar's point of view.

Additionally, this brings one more problem: as soon as the user hits the base URL of the application, it redirects to idpURL, so users mostly bookmark the wrong URL.

 

I tried setting up a reverse proxy and redirections, but no luck as of now. Possibly I am doing it wrong, as this is my first time working with Dispatcher.

 

Has anyone tried it or has any inputs to achieve this behaviour?

 

Thanks

MK

2 Replies


Level 6

Setting a reverse proxy seems a good option. Can you share more details about the error you are getting after setting the reverse proxy?

 

# LocationMatch takes a regex, so this block applies to any request path containing "/sso".
<LocationMatch "/sso">
# RewriteEngine is not needed for ProxyPass; mod_proxy does the forwarding on its own.
RewriteEngine on
# Inside a Location/LocationMatch block ProxyPass takes only the target URL; the matched
# path is appended to it, so /sso/... is forwarded to https://idpurl.com/sso/...
ProxyPass "https://idpurl.com"
# Rewrite Location headers in the IdP's redirect responses back to this host.
ProxyPassReverse "https://idpurl.com"
</LocationMatch>
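An added example, not from the reply above or from Adobe, of what a fuller version of this reverse-proxy approach looks like in Apache httpd: the SAML handler's idpURL is assumed to be changed to https://website.url/sso (a hypothetical path on the site's own host) so the SP redirect lands on the site, and that path is proxied to the IdP. It assumes mod_proxy, mod_proxy_http, mod_ssl and mod_headers are loaded, and that the CA bundle path is a placeholder.

```apache
# Added example (not the thread's own config). Assumes the SAML handler's idpURL is
# set to https://website.url/sso so the browser never leaves website.url during login.
<VirtualHost *:443>
    ServerName website.url
    SSLEngine on

    # The proxy forwards user credentials to the IdP, so verify the upstream
    # certificate and hostname instead of trusting whatever answers at idpurl.com.
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCheckPeerName on
    SSLProxyCACertificateFile "/path/to/ca-bundle.crt"   # placeholder path

    # Never act as a forward (open) proxy; only explicit ProxyPass mappings apply.
    ProxyRequests Off
    # Send the IdP its own Host: header so its virtual-host routing still works.
    ProxyPreserveHost Off

    # Only the IdP's SSO path is proxied; everything else is served by AEM/Dispatcher.
    # <Location> is an exact prefix match, unlike the regex-based <LocationMatch>.
    <Location "/sso">
        ProxyPass        "https://idpurl.com/sso"
        ProxyPassReverse "https://idpurl.com/sso"
        # Rewrite Set-Cookie domains so the IdP's session cookie is accepted for this host.
        ProxyPassReverseCookieDomain "idpurl.com" "website.url"
        # Tell the IdP which public host the user is on, if it honours this header.
        RequestHeader set X-Forwarded-Host "website.url"
    </Location>
</VirtualHost>
```

ProxyPassReverse rewrites only redirect headers (Location and friends); absolute links inside the IdP's HTML, such as form actions and asset URLs, still point at idpurl.com unless the IdP is configured with the public URL or the proxy rewrites the response body. The signed SAML response still POSTs to the application's /saml_login ACS endpoint, so the trust relationship between SP and IdP is unchanged by the proxy.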

 


Level 1

Hi @narendiran_ravi 

 

Please correct me if wrong.

You are assuming /sso will be part of https://website.url, something like https://website.url/sso. If yes, then that is not the case.

 

So, I believe this rule is never running.

 

In my case, the login page is maintained in AEM for authoring purposes only. But the actual rendering is done by the IdP: the IdP pulls this page when the base URL of the application is hit, modifies this page by adding the login form to it, and finally shows it to the user.

 

So, when the user hits https://website.url, due to the SAML configuration it goes directly to idpURL, which is something like https://idpurl.com/sso. This means /sso is a path at the IdP and not in my application.

Next, once the user inputs the credentials, the user details are processed by the IdP, and after successful authentication it returns to the web application at /saml_login.

Regards

MK