I need some insights on when to use AEM and SAML integration and when to use SSO. I have read articles where both have been used interchangeably.
For example, SSO in AEM with Shibboleth: the articles are not using the SSO handler but are configuring the SAML 2.0 authentication handler instead. I have my guesses on this, but I would like to get expert advice on this. In which use case should AEM and SAML be used (when the intent is to provide Single Sign-on capabilities), and in which use case should AEM and SSO be used?
It depends on what you already have in your infrastructure. If you already have an identity provider set up, e.g. Shibboleth, ADFS, OKTA etc., you can go for the SAML authentication handler. If you have other security solutions like IBM Security Access Manager, Oracle Identity Manager, CA Siteminder, IIS Windows Integrated Login etc., you can go for the Granite SSO handler, though any of these products could provide several authentication mechanisms including SAML.
The former relies on SAML-based protocols for authentication and the latter makes use of authentication based on headers, params & cookies.
Assuming you already have Single Sign-on capability in the overall organization infrastructure and you need to use the accounts from your global identity provider, so that users can just log on to the AEM instance at the single entity and log in to all other environments, then SAML SSO integration with AEM would make sense.