Role based authorization after SAML Authentication

ankitg2807
Level 1

15-01-2021

Hi,

I have a requirement to add role-based authorization for some secure pages. I want to set a property for pages called "Security Groups". This property will contain the group names which shall have access to that page. I have configured the SAML authn handler with Okta IDP. After login, when the SAML response is submitted to the AEM ACS URL, viz. /content/****/saml_login, I want to read the "Security Groups" from the page property and the groups of the logged-in user from the SAML response, and if there is a match between the page property value and the SAML response groups attribute, then allow the user to view the page; if not, then redirect the user to an error page.

User data is maintained in Active Directory and Okta provides those details, so I don't want to recreate those groups in AEM; I just want to do the authorization on the go. I want to set the groups coming from Okta into the user session and, on every page request, match the Security Groups property of the page with the groups in the session.

Request you to let me know how to implement this.

Thanks!

ankurk67503819
Level 3

18-01-2021

Recently I did this; you can achieve this using the roles you are getting from Okta.

Once a user logs in to AEM, they will be assigned the role coming from Okta, and in AEM you need to assign specific permissions to that group.
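
The approach in the reply above, sketched as an OSGi configuration for AEM's SAML 2.0 authentication handler (an added example, not configuration posted by either participant). The file name suffix `~okta`, the attribute name `groups`, and every value in angle brackets are assumptions or placeholders; the site path is elided as `****` in the question and is left as a placeholder here.

```json
// Assumed file name:
// com.adobe.granite.auth.saml.SamlAuthenticationHandler~okta.cfg.json
{
  // Repository path protected by this handler (placeholder; elided on the page).
  "path": ["/content/<site>"],

  // Okta side of the exchange (placeholders).
  "idpUrl": "https://<okta-tenant>/app/<app-id>/sso/saml",
  "idpCertAlias": "<alias-of-okta-signing-cert-in-truststore>",

  // AEM side: entity ID and the ACS endpoint the SAML response is posted to.
  "serviceProviderEntityId": "<sp-entity-id>",
  "assertionConsumerServiceURL": "https://<aem-host>/content/<site>/saml_login",

  // Create the repository user on first login.
  "createUser": true,

  // Turn the assertion's group attribute into AEM group membership on login.
  // "groups" is an assumed attribute name; it must match what Okta sends.
  "addGroupMemberships": true,
  "groupMembershipAttribute": "groups"
}
```

With membership taken from the signed assertion, access to each protected page is then decided by the repository's ACLs (for example `jcr:read` granted to the matching group), which is the permission assignment the reply refers to.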