Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
Read More.

Masking idpURL while waiting for authentication SAML 2.0

Avatar

Level 1
Level 1
8/8/24 2:23:27 PM

Hello Community,

 

I am working on AEMasCS and for user authentication to my website, I am using SP initiated SAML 2.0 authentication.

 

The setup works in a way that when user hits https://website.url, it is redirected to idpURL mentioned in saml authentication handler configuration. Therefore, user sees https://authentication.tool.url.

Once the authentication is completed, the url comes back to actual website url.

 

How can I ensure that the user always see the website url to ensure a seamless experience for user. All the authentication and waiting for authentication should be transparent from address bar point of view.

Additionally, it brings one more problem that as soon as user hits base url of application it redirect to idpURL, thus user bookmarks wrong url mostly.

 

I tried setting reverse proxy, redirections but no luck.as of now. Possibility is I am doing it wrong as I am first time working with Dispatcher.

 

Has anyone tried it or has any inputs to achieve this behaviour?

 

Thanks

MK

Views

200

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
2 Replies

Avatar

Level 4
Level 4
8/8/24 11:34:01 PM

Setting a reverse proxy seems a good option. Can you share more details about the error you are getting after setting the reverse proxy?

 

<LocationMatch "/sso">
    RewriteEngine on
    ProxyPass "https://idpurl.com"
    ProxyPassReverse "https://idpurl.com"
</LocationMatch>

 

Views

168

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
8/9/24 4:01:53 AM
In response to narendiran100

Hi @narendiran100 

 

Please correct me if wrong.

You are assuming /sso will be part of  https://website.url.,something like https://website.url/sso If yes, then that is not the case.

 

So, I believe this rule is never running.

 

In my case, the login page is maintained in AEM for authoring purpose only. But, the actual rendering is done from idP. idP pulls this page when base url is hit for application ->modify this page by adding login form in it -> finally shows it to user.

 

So, when the user hits https://website.url, due to SAML configuration it directly goes to idpURL which is like https://idpurl.com/sso. This means /sso is a path at idp and not in my application.

Next, once the user inputs the credentials, the user details are processed by idp and after succeful authentication returns back to web application at /saml_login

Regards

MK

Views

145

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Best Practices for Implementing Adobe Experience Manager (AEM) in 2024

Views

62

Likes

0

Replies

0
Join us in San Francisco for the AEM Skill Exchange on November 14, 2024

Views

249

Likes

2

Replies

0
Don’t miss your chance to apply for the 2025 Adobe Experience Maker Awards

Views

220

Likes

0

Replies

0
Batch Script for Efficient AEM Upgrade: A Developer's Time-Saving Tool

Views

204

Likes

3

Replies

0
Need help to write traditional CI/CD pipeline for Adobe Experince Cloud Manager and Adobe Commerce Cloud Manager

Views

198

Likes

0

Replies

2