September 8, 2017
Solved

Need info AEM 6.2: Ability to extend SAML Authentication Handler for customizing user creation


Hi there,

We are currently using SAML authentication in our project. We expect many users to be using the site after go-live, so a lot of users would be created in AEM. We don't want to create a lot of user nodes. Is there any way to customize the default SAML authentication to stop creating new users and use a default AEM user after login, so there will not be much load on AEM? Please suggest.

Expectation: Use SAML without creating multiple users in AEM and impersonate with a default user to authenticate.

Thanks,

Praveen


MC_Stuff
Level 10
September 8, 2017

Hi Praveen,

Check whether your IdP supports Impersonation for Federated Applications; if so, configure that. Otherwise, configure the IdP to pass a constant attribute with the value of the AEM user and use that attribute name for userIDAttribute in the SAML configuration. No need to extend, and it will work out of the box.

Thanks,

1353748 (Author)
September 11, 2017

Thanks, MC, for your suggestion. Currently, we are using Google as the IdP. I will look for an option in the Google SAML configuration to use a custom attribute. Also, we need the actual user information (e.g. email address, name...) as well after defaulting to an individual user.

MC_Stuff
Accepted solution
Level 10
September 11, 2017

In that case, use a post processor and store the attribute information in a cookie or something. A sample post processor example is at Apoorva Ganapathy's Blog: AEM - Processing SAML Response
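
A cookie is client-controlled, so IdP attributes stored there as the answer above suggests need an integrity tag before server code trusts them. The following is an added example, not code from this thread or the linked blog; the class name `SignedAttributeCookie`, the secret and the attribute string are hypothetical, constructed values.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Optional;
/** Hypothetical helper: integrity-protects IdP attributes kept in a cookie. */
public final class SignedAttributeCookie {
    private static final String ALG = "HmacSHA256";
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    private final SecretKeySpec key;

    public SignedAttributeCookie(byte[] serverSecret) { this.key = new SecretKeySpec(serverSecret, ALG); }

    private byte[] mac(byte[] data) throws Exception {
        Mac m = Mac.getInstance(ALG);
        m.init(key);
        return m.doFinal(data);
    }

    /** Value to set from the post processor: base64url(payload) "." base64url(HMAC). */
    public String encode(String attributes) throws Exception {
        byte[] payload = attributes.getBytes(StandardCharsets.UTF_8);
        return ENC.encodeToString(payload) + "." + ENC.encodeToString(mac(payload));
    }

    /** Returns the attributes only if the tag verifies; empty on any tampering. */
    public Optional<String> decode(String cookieValue) throws Exception {
        String[] parts = cookieValue.split("\\.", -1);
        if (parts.length != 2) return Optional.empty();
        try {
            byte[] payload = DEC.decode(parts[0]);
            byte[] tag = DEC.decode(parts[1]);
            // MessageDigest.isEqual compares in constant time
            if (!MessageDigest.isEqual(mac(payload), tag)) return Optional.empty();
            return Optional.of(new String(payload, StandardCharsets.UTF_8));
        } catch (IllegalArgumentException malformedBase64) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample secret and attributes; load the real secret from protected config.
        SignedAttributeCookie c = new SignedAttributeCookie("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        String v = c.encode("email=jane@example.com;name=Jane Doe");
        System.out.println("valid cookie accepted: " + c.decode(v).isPresent());
        System.out.println("tampered cookie accepted: " + c.decode("X" + v).isPresent());
    }
}
```

The HMAC gives integrity only, not confidentiality, so the attribute values remain readable by the browser. Set the cookie with the Secure and HttpOnly flags and keep the secret on the server.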

sagara51383857
July 26, 2018

Hello Praveen,

Did the Post Processor solve your issue?

We also want to avoid user creation and want to authenticate to CRX with some impersonated user. At the same time, we want to maintain the IdP-provided user details in the AEM session for further use.

We would like to know whether we have to write a custom SAML Authentication Handler or whether writing a Post Processor will suffice.

Thanks,

Sagar

Level 2
April 21, 2023

Hi,

We have encountered a similar issue. We have implemented CustomAuthenticationInfoPostProcessor; HttpServletRequest.pathInfo is null, and I can see

TokenAuthenticationHandler Extracted token information but

BearerAuthenticationHandler extractCredentials: Unable to extract an access token and

.AbstractLoginModule No credentials found

LoginContextProviderImpl Found pre-authenticated subject: No further login actions required.

I don't see the Post Processor getting executed further, and it exits.

Can somebody suggest what might be going wrong?