Hi there,
We are currently using SAML authentication in our project. Expecting many users will be using the site after go-live. So lot of users would be created in AEM. We don't want to create lot of user nodes. Is there any way customize the default SAML authentication to stop creating new users and use a default AEM user after login. So there will not be much load on AEM. Please suggest.
Expectation: Use SAML without creating multiple users in AEM and impersonate with a default user to authenticate.
Thanks,
Praveen
Solved! Go to Solution.
Views
Replies
Total Likes
In that case use post processor & store the attribute information in cookie or some thing. Sample post processor example at Apoorva Ganapathy's Blog: AEM - Processing SAML Response
Views
Replies
Total Likes
Hi Praveen,
Check your idp support Impersonation for Federated Applications, if so configure that. Otherwise configure idp to pass an constant attribute with value of aem user & use that attribute name at userIDAttribute in saml configuration . No need to extend & will work out of the box.
Thanks,
Views
Replies
Total Likes
Thanks MC for your suggestion. Currently, we are using Google as IDP. I will look at an option in Google SAML configuration to use any custom attribute. Also, we need the actual user information(eg email address, name.. ) as well after defaulting to an individual user.
Views
Replies
Total Likes
In that case use post processor & store the attribute information in cookie or some thing. Sample post processor example at Apoorva Ganapathy's Blog: AEM - Processing SAML Response
Views
Replies
Total Likes
Hello Praveen,
Did Post Processor solved your issue?
We also want to avoid user creations and want to authenticate CRX with some impersonate user.At the same time we want to maintain the IDP provided user details in AEM session for further use.
We would like to know if we have to write Custom SAML Authentication Handler or writing Post Processor will suffice.
Thanks,
Sagar
Views
Replies
Total Likes
Hi,
We have encountered similar issue. We have implemented CustomAuthenticationInfoPostProcessor , HttpServletRequest.pathInfo is null and I can see
TokenAuthenticationHandler Extracted token information but
BearerAuthenticationHandler extractCredentials: Unable to extract an access token and
.AbstractLoginModule No credentials found
LoginContextProviderImpl Found pre-authenticated subject: No further login actions required.
I dont see the Post Processor getting further executed and its exited .
Can somebody suggest what might be going wrong
Views
Replies
Total Likes
Views
Likes
Replies