
SOLVED

Moving secrets from LDAP Identity Provider XML to HashiCorp Vault (secrets management system)


Level 2

We are using LdapIdentityProvider.xml to connect to our organization's LDAP interface for the login functionality in AEM.

As a security measure, we want to move the password information to the 'vault secrets management system'. We have a custom service, which we use to read vault secrets.

Could anyone please help with a way to extend the AEM LDAP service (not sure of the exact name of the service), so that we can add our custom code to read the LDAP secret from Vault?

1 Accepted Solution


Correct answer by
Community Advisor

Hi @sarthakuiit

To achieve this:

  1. Create a Vault Configuration

  2. Update LDAP Identity Provider Configuration

     Modify the LdapIdentityProvider.xml configuration to use placeholders for the LDAP credentials, which will be replaced at runtime.

  3. Create a Custom OSGi Service

  4. Reference Custom Service in LDAP Identity Provider

     Modify the LDAP Identity Provider code to reference your custom service for retrieving the LDAP password.

  5. Update Component and Service References

Hope this helps!

Thanks,

Kiran Vedantam.

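As an added example (not code from this thread, from Adobe or from Apache Oak), the custom OSGi service of step 3 could look like this: it resolves `${vault:<mount>/<path>#<key>}` placeholders, a syntax assumed here, by reading HashiCorp Vault's KV v2 HTTP API using the same `VAULT_ADDR` and `VAULT_TOKEN` variables the Vault CLI uses. The package name and the use of Gson are assumptions; how the resolved value is handed to the LDAP identity provider (step 4) depends on where you hook the provider configuration and is not shown.

```java
package com.example.aem.vault; // assumed package name, not from the thread
import com.google.gson.Gson;
import com.google.gson.JsonObject;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;

/** Resolves ${vault:<mount>/<path>#<key>} placeholders by reading HashiCorp Vault's KV v2 API. */
@Component(service = VaultSecretResolver.class, immediate = true)
public class VaultSecretResolver {
    // Placeholder syntax is assumed for this example, e.g. ${vault:secret/aem/ldap#bindPassword}
    private static final Pattern PLACEHOLDER = Pattern.compile("\\$\\{vault:([^/}]+)/([^#}]+)#([^}]+)\\}");
    private String vaultAddr;
    private String vaultToken;

    @Activate
    protected void activate() {
        // Same variables the Vault CLI uses; the token is issued to the AEM process at runtime, never stored in OSGi config
        vaultAddr = System.getenv("VAULT_ADDR");
        vaultToken = System.getenv("VAULT_TOKEN");
    }

    /** Returns value with every placeholder replaced by its secret; values without placeholders pass through. */
    public String resolve(String value) throws IOException {
        Matcher m = PLACEHOLDER.matcher(value);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String secret = readKvV2(m.group(1), m.group(2), m.group(3));
            m.appendReplacement(out, Matcher.quoteReplacement(secret)); // secrets may contain '$' or '\'
        }
        return m.appendTail(out).toString();
    }

    /** KV v2 read: GET /v1/<mount>/data/<path>; the fields live under data.data in the JSON response. */
    private String readKvV2(String mount, String path, String key) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) new URL(vaultAddr + "/v1/" + mount + "/data/" + path).openConnection();
        conn.setRequestProperty("X-Vault-Token", vaultToken);
        int status = conn.getResponseCode();
        if (status != 200) throw new IOException("Vault returned HTTP " + status + " for " + mount + "/" + path);
        try (InputStreamReader r = new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8)) {
            JsonObject data = new Gson().fromJson(r, JsonObject.class).getAsJsonObject("data").getAsJsonObject("data");
            if (data == null || !data.has(key)) throw new IOException("key '" + key + "' not found at " + mount + "/" + path);
            return data.get(key).getAsString(); // the LDAP bind password; keep it in memory only and never log it
        }
    }
}
```

The Vault token itself still needs a source, typically an AppRole or Vault Agent login at process start, and the resolved password should stay in memory rather than being written back into the OSGi configuration, or the move to Vault gains little.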

2 Replies


Administrator

@aanchal-sikka @JoseManuel121 @Lokesh_Vajrala @ksh_ingole7 @Kiran_Vedantam @Uppari_Ramesh Can you please review this unanswered question? Appreciate your thoughts on this.



Kautuk Sahni
