Multiple Authentication handlers

brumoonmmc1

15-10-2015

Hi,

My use case is that I want to use different authentication handlers for different sites. We already have SAML integrated with an IDP for one site. But we also want to use the OOTB Login component to authenticate users in the AEM User list. Right now SAML overrides everything.

Any ideas?

Brumoon

Accepted Solutions (1)

justin_at_adobe

Employee

15-10-2015

Hi,

In Sling, Authentication Handlers can be applied by path, so this is just a matter of configuring each Authentication Handler with the set of paths it should handle.

Regards,

Justin
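
The path scoping described in the answer above, as an added example that is not part of the original thread and not Sling's or AEM's own code: a simplified Python model of which handler gets first call on each site. The handler labels, the `/content/site-a` and `/content/site-b` roots, and the "most specific path first" ordering are assumptions made for illustration.

```python
# Simplified model of path-scoped authentication handler selection.
# Assumption: a handler applies when its configured path is a prefix of the
# request path on a segment boundary, and more specific paths are tried first.
# Handler labels and /content/site-* paths are constructed for illustration.

def applies(handler_path, request_path):
    """True if handler_path covers request_path on a path-segment boundary."""
    base = handler_path.rstrip("/")
    if base == "":  # handler registered on "/" covers every request
        return True
    return request_path == base or request_path.startswith(base + "/")


def candidates(handlers, request_path):
    """Labels of the handlers covering request_path, most specific path first."""
    hits = [(path, name)
            for name, paths in handlers.items()
            for path in paths
            if applies(path, request_path)]
    hits.sort(key=lambda hit: len(hit[0].rstrip("/")), reverse=True)
    return [name for _, name in hits]


def audit(handlers, site_roots):
    """Map each site root to the handler that gets first call on its pages."""
    report = {}
    for root in site_roots:
        order = candidates(handlers, root + "/en.html")
        report[root] = order[0] if order else None
    return report


SITES = ["/content/site-a", "/content/site-b"]

# Constructed "before": SAML registered on "/" with nothing more specific.
BEFORE = {"saml": ["/"]}
# Constructed "after": SAML scoped to site A, form login scoped to site B.
AFTER = {"saml": ["/content/site-a"], "form-login": ["/content/site-b"]}

if __name__ == "__main__":
    print("before:", audit(BEFORE, SITES))
    print("after: ", audit(AFTER, SITES))
```

Running the same audit over the real handler paths listed at /system/console/slingauth shows whether any handler is still registered on a path broad enough to cover both sites.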

Answers (4)

justin_at_adobe

Employee

15-10-2015

Hi,

As you've noticed, the SAML Authentication Handler can effectively be used only against a single IDP because it relies on a common location for the certificates and keys. To be clear, the original post was about combining the SAML handler with a different handler.

If you need to connect to multiple IDPs, you will have to write your own SAML handler (presumably extending the OOTB one) or work with Adobe support to get support for multiple IDPs added to the product.

Regards,

Justin

justin_at_adobe

Employee

15-10-2015

No, I was referring to configuring the path for each authentication handler. /system/console/slingauth is a read only view of the configuration.

brumoonmmc1

15-10-2015

Thanks Justin for the information. I am presuming you are referring to system/console/slingauth, to configure the path.

Another variation to my question is: What if I want a form login authentication to work? Right now j_security_check gets overridden by the SAML authentication. How do I (or is there documentation on how to) create another customized (multiple) authentication suffix(es) to direct to multiple AEM Authentication Handler(s)?

bvk1938

15-10-2015

Justin,
This was useful - the hint to configure Authentication Handler with the set of paths.

Since we are talking here about 1-to-n mapping (1 AEM instance to several IdP providers), I wonder how we configure the AEM instance with individual IdP information?

As per this post:
http://dev.day.com/content/docs/en/cq/current/core/administering/saml-2-0-authenticationhandler.html
IdP keys should be stored in the following locations:
/etc/key/saml/idp_cert
/etc/key/saml/public
/etc/key/saml/private

Where do we configure multiple IdP providers?
How does AEM learn about multiple IdP providers?

The goal here is to use one IdP provider for one Website and another IdP provider for second (different than the first one) Website.