Parallel authentication support for same site on AEM 6.1

Avatar

Avatar

sukumard5750513

Avatar

sukumard5750513

sukumard5750513

19-05-2020

Hi,

 

Our current project has AEM 6.1 in production with SAML authentication handler for user authentication. Also it has single site to serve for WEB, Mobile and Tablet (mobile responsive site).

 

Currently client wants to move to OAuth. But during migration , want to keep both SAML as well as OAuth for same site. i.e. if user access page1 on WEB do SAML authentication while when page1 access via Mobile do OAuth.

 

Please suggest whether its doable in AEM 6.1 if yes, any solution approach.

AEM 6.1 Multiple authentication handler oauth SAML2.0

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar

Andrew_Khoury

Employee

Avatar

Andrew_Khoury

Employee

Andrew_Khoury
Employee

20-05-2020

Since there is no way to define which handler on the same path to trigger for authentication you would have to do some customization.

 

You could implement a custom servlet /bin/auth and configure the authentication handlers under subpaths of the servlet - for example /bin/auth/saml.  When the user accesses the AEM site via method requiring SAML then set a cookie to remember their original entry point and redirect to that servlet with a querystring saying which type of authentication.  For Example:

/bin/auth?type=saml

or

/bin/auth?type=oauth

Then redirect the user to the respective Auth Handler's path to trigger its normal authentication sequence (note that you should have stored a cookie remembering which page they started on before being redirected to /bin/auth?... so you could use that to send them back:

 

Auth handler OSGi configs:

 

SAML Handler "Path":

/bin/auth/saml

IDP would be configured with SAML Response to be sent to:

/bin/auth/saml/saml_login

 

OAuth Handler "Path":

/bin/auth/oauth

Answers (2)

Answers (2)

Avatar

Avatar

sukumard5750513

Avatar

sukumard5750513

sukumard5750513

19-05-2020

Thanks @aemmarc .

 

But as i mentioned we have single site structure, so each page have dual authentication handler and based on access point web or mobile or tablet, need to invoke handler accordingly.

 

Hence the need to invoke handler per access point (web, mobile) not per site structure.

 

Please suggest.

Avatar

Avatar

aemmarc

Employee

Avatar

aemmarc

Employee

aemmarc
Employee

19-05-2020

Sure, authentication handlers register on paths you define, so you should be okay here.

 

P.S. Time to upgrade off 6.1