Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

Need info AEM 6.2: Ability to extend SAML Authentication Handler for customizing user creation

Avatar

Level 1
Level 1
9/7/17 8:43:52 PM

Hi there,

We are currently using SAML authentication in our project. Expecting many users will be using the site after go-live. So lot of users would be created in AEM. We don't want to create lot of user nodes. Is there any way customize the default SAML authentication to stop creating new users and use a default AEM user after login. So there will not be much load on AEM. Please suggest.

Expectation: Use SAML without creating multiple users in AEM and impersonate with a default user to authenticate.

Thanks,

Praveen

Views

2.8K

Replies

5
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 9
Level 9
9/11/17 1:14:31 PM

In that case use post processor & store the attribute information in cookie or some thing. Sample post processor example at Apoorva Ganapathy's Blog: AEM - Processing SAML Response

View solution in original post

Views

1.7K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
5 Replies

Avatar

Level 9
Level 9
9/7/17 9:52:29 PM

Hi Praveen,

Check your idp support Impersonation for Federated Applications, if so configure that. Otherwise configure idp to pass an constant attribute with value of aem user & use that attribute name at userIDAttribute in saml configuration . No need to extend & will work out of the box.

Thanks,

Views

1.7K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
9/10/17 7:23:27 PM

Thanks MC for your suggestion. Currently, we are using Google as IDP. I will look at an option in Google SAML configuration to use any custom attribute. Also, we need the actual user information(eg email address, name.. ) as well after defaulting to an individual user.

Views

1.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Level 9
Level 9
9/11/17 1:14:31 PM

In that case use post processor & store the attribute information in cookie or some thing. Sample post processor example at Apoorva Ganapathy's Blog: AEM - Processing SAML Response

Views

1.7K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 1
Level 1
7/26/18 8:43:17 AM

Hello Praveen,

Did Post Processor solved your issue?

We also want to avoid user creations and want to authenticate CRX with some impersonate user.At the same time we want to maintain the IDP provided user details in AEM session for further use.

We would like to know if we have to write Custom SAML Authentication Handler or writing Post Processor will suffice.

Thanks,

Sagar

Views

1.8K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
4/21/23 3:20:00 PM

Hi,

We have encountered similar issue. We have implemented CustomAuthenticationInfoPostProcessor , HttpServletRequest.pathInfo is null and  I can see

TokenAuthenticationHandler Extracted token information but

BearerAuthenticationHandler extractCredentials: Unable to extract an access token and

.AbstractLoginModule No credentials found

LoginContextProviderImpl Found pre-authenticated subject: No further login actions required.

 

I dont see the Post Processor getting further executed and its exited .

 

Can somebody suggest what might be going wrong

Views

822

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
how to write junit for the below code

Views

68

Likes

0

Replies

1
Unable to render url or html content as page via sightly

Views

52

Likes

0

Replies

1
Suggestion | Creating a Custom Video Plugin for aem as cloud services Rich Text Editor

Views

100

Likes

0

Replies

2
Asking for some help with integrating Workfront with Experience Fragments(XF)

Views

105

Likes

0

Replies

2
Nested multifield not allowing to add more items

Views

117

Likes

0

Replies

2