Need info AEM 6.2: Ability to extend SAML Authentication Handler for customizing user creation

1353748

07-09-2017

Hi there,

We are currently using SAML authentication in our project. We expect many users will be using the site after go-live, so a lot of users would be created in AEM. We don't want to create a lot of user nodes. Is there any way to customize the default SAML authentication to stop creating new users and use a default AEM user after login, so there will not be much load on AEM? Please suggest.

Expectation: Use SAML without creating multiple users in AEM and impersonate with a default user to authenticate.

Thanks,

Praveen

Accepted Solutions (1)

MC_Stuff

11-09-2017

In that case, use a post processor and store the attribute information in a cookie or something. A sample post processor example is at Apoorva Ganapathy's Blog: AEM - Processing SAML Response

Answers (3)

sagara51383857

26-07-2018

Hello Praveen,

Did the Post Processor solve your issue?

We also want to avoid user creation and want to authenticate to CRX with some impersonated user. At the same time, we want to maintain the IDP-provided user details in the AEM session for further use.

We would like to know if we have to write a custom SAML Authentication Handler or if writing a Post Processor will suffice.

Thanks,

Sagar

1353748

10-09-2017

Thanks, MC, for your suggestion. Currently, we are using Google as the IDP. I will look at an option in the Google SAML configuration to use any custom attribute. Also, we need the actual user information (e.g. email address, name, ...) as well after defaulting to an individual user.

MC_Stuff

07-09-2017

Hi Praveen,

Check whether your IdP supports Impersonation for Federated Applications; if so, configure that. Otherwise, configure the IdP to pass a constant attribute with the value of the AEM user and use that attribute name for userIDAttribute in the SAML configuration. No need to extend; it will work out of the box.

Thanks,