Parallel authentication support for same site on AEM 6.1 | Community
sukumard
Level 3
May 19, 2020
Solved

Parallel authentication support for same site on AEM 6.1

  • May 19, 2020
  • 3 replies
  • 4595 views

Hi,

Our current project has AEM 6.1 in production with a SAML authentication handler for user authentication. It also has a single site to serve WEB, Mobile and Tablet (mobile responsive site).

Currently the client wants to move to OAuth. But during migration, they want to keep both SAML and OAuth for the same site, i.e. if a user accesses page1 on WEB, do SAML authentication, while when page1 is accessed via Mobile, do OAuth.

Please suggest whether it's doable in AEM 6.1 and, if yes, any solution approach.

3 replies

Adobe Employee
May 19, 2020

Sure, authentication handlers register on paths you define, so you should be okay here.

P.S. Time to upgrade off 6.1

sukumard (Author)
Level 3
May 20, 2020

Thanks @aemmarc2.

But as I mentioned, we have a single site structure, so each page has dual authentication handlers, and based on the access point (web, mobile or tablet) we need to invoke the handler accordingly.

Hence the need to invoke the handler per access point (web, mobile), not per site structure.

Please suggest.

akhoury
Adobe Employee
Accepted solution
May 20, 2020

Since there is no way to define which handler on the same path to trigger for authentication, you would have to do some customization.

You could implement a custom servlet /bin/auth and configure the authentication handlers under subpaths of the servlet, for example /bin/auth/saml. When the user accesses the AEM site via a method requiring SAML, set a cookie to remember their original entry point and redirect to that servlet with a query string saying which type of authentication. For example:

/bin/auth?type=saml

or

/bin/auth?type=oauth

Then redirect the user to the respective Auth Handler's path to trigger its normal authentication sequence (note that you should have stored a cookie remembering which page they started on before being redirected to /bin/auth?... so you could use that to send them back):

Auth handler OSGi configs:

SAML Handler "Path":

/bin/auth/saml

IDP would be configured with SAML Response to be sent to:

/bin/auth/saml/saml_login

OAuth Handler "Path":

/bin/auth/oauth
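
One way to write the /bin/auth dispatcher described in the accepted answer, as an added example that is not part of the original thread or Adobe's code. It accepts only the two type values from the answer and treats the return-page cookie as untrusted input, so the send-back step cannot be turned into an open redirect. The class name, the cookie name auth-return-path and the "/" fallback are assumptions, and it uses the Felix SCR annotations common on AEM 6.1.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.Cookie;
import org.apache.felix.scr.annotations.sling.SlingServlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;

// Added example: dispatcher for /bin/auth?type=saml and /bin/auth?type=oauth.
@SlingServlet(paths = "/bin/auth", methods = "GET")
public class AuthDispatchServlet extends SlingSafeMethodsServlet {

    // Hypothetical cookie name; the entry-point code is assumed to set it before redirecting here.
    static final String RETURN_COOKIE = "auth-return-path";

    // Allow-list of type values, mapped to the handler "Path" settings from the answer.
    private static final Map<String, String> HANDLER_PATHS = new HashMap<String, String>();
    static {
        HANDLER_PATHS.put("saml", "/bin/auth/saml");
        HANDLER_PATHS.put("oauth", "/bin/auth/oauth");
    }

    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws IOException {
        // The redirect target comes from the map, never from the request itself.
        String target = HANDLER_PATHS.get(request.getParameter("type"));
        if (target == null) {
            response.sendError(SlingHttpServletResponse.SC_BAD_REQUEST, "Unknown authentication type");
            return;
        }
        response.sendRedirect(target);
    }

    // Returns the stored start page only if it is a site-local path; otherwise the fallback "/" (assumed).
    static String safeReturnPath(SlingHttpServletRequest request) {
        Cookie cookie = request.getCookie(RETURN_COOKIE);
        String path = cookie == null ? null : cookie.getValue();
        if (path == null || !path.startsWith("/") || path.startsWith("//")
                || path.contains("\\") || path.contains("\r") || path.contains("\n")) {
            return "/";
        }
        return path;
    }
}
```

Whatever code sends the user back after the handler completes would call safeReturnPath rather than redirecting to the raw cookie value.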