Expand my Community achievements bar.

SOLVED

Moving secrets from Ldap Identity provider XML to Hashicorp vault (secrets management system)

Avatar

Level 2
Level 2
3/16/22 5:26:36 AM

We are using LdapIdentityProvider.xml to connect to our organization's Ldap interface for the login functionality in AEM.

As a security measure, We want to move the password information to 'vault secrets management system'. We have a custom service , which we use to read vault secrets.

Could anyone please help with a way to extend AEM Ldap service (not sure of the exact name of service) , so that we can add our custom code to read Ldap secret from vault ?

Views

543

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
12/11/23 8:53:50 AM

Hi @sarthakuiit 

 

To achieve this

  1. Create a Vault Configuration

  2. Update LDAP Identity Provider Configuration

    Modify the LdapIdentityProvider.xml configuration to use placeholders for the LDAP credentials, which will be replaced at runtime. 

  3. Create a Custom OSGi Service

  4. Reference Custom Service in LDAP Identity Provider

    1. Modify the LDAP Identity Provider code to reference your custom service for retrieving the LDAP password.

  5. Update Component and Service References:

Hope this helps!

 

Thanks,

Kiran Vedantam.

View solution in original post

Views

303

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Administrator
Administrator
12/5/23 12:17:35 AM

@aanchal-sikka @JoseManuel121 @Lokesh_Vajrala @ksh_ingole7 @Kiran_Vedantam @Uppari_Ramesh Can you please review this unanswered question? Appreciate your thoughts on this.



Kautuk Sahni

Views

320

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor
Community Advisor
12/11/23 8:53:50 AM

Hi @sarthakuiit 

 

To achieve this

  1. Create a Vault Configuration

  2. Update LDAP Identity Provider Configuration

    Modify the LdapIdentityProvider.xml configuration to use placeholders for the LDAP credentials, which will be replaced at runtime. 

  3. Create a Custom OSGi Service

  4. Reference Custom Service in LDAP Identity Provider

    1. Modify the LDAP Identity Provider code to reference your custom service for retrieving the LDAP password.

  5. Update Component and Service References:

Hope this helps!

 

Thanks,

Kiran Vedantam.

Views

304

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
not able to set coral icon to rte plugin

Views

101

Likes

0

Replies

3
AEMaaCS: Is there a way to get usergenerated content from Publish to Author?

Views

140

Likes

0

Replies

4
Is there a way to Log request.headers in AEM CS Dispatcher?

Views

122

Likes

0

Replies

2
How to add validators for letters check?

Views

109

Likes

0

Replies

2
Want to get the content of YAML files instead of downloading them (AEM 6.5)

Views

185

Likes

0

Replies

5