
SAML authentication for end users


Level 1

Hi there,

I'm writing this post to ask for some clarifications about cloud SAML authentication for end users.

In the past, looking for a solution to authenticate end users on some of our portals, SAML authentication was highly discouraged, especially for portals with a big userbase (millions of users). Many said SAML authentication was used only for authoring or administration purposes.

Now, I bumped into this guide: https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/authentication/saml-2....

Has anything changed during these years? Can we use SAML2 authentication on publish to authenticate a very large userbase? Is there any limitation to take into consideration?

I'm asking this because we are taking into consideration the option of using this method of authentication for our end users.

 

Thanks in advance for your support.

4 Replies


Level 6

SAML 2.0 is generally considered to be secure and scalable. However, there are some limitations to consider.

  • SAML can be complex to set up and maintain, especially for large organizations.
  • SAML relies on XML, which can be verbose and slow to process.
  • SAML does not support strong authentication by itself.

If you are considering using SAML 2.0 for a large user base, it is important to weigh the benefits and drawbacks carefully. You may also want to consider other SSO protocols, such as OAuth 2.0 or OpenID Connect.


Community Advisor

We generally use SAML for a Single Sign-On (SSO) solution.

In AEM, SAML can be used for both Author and Publish instances (login and access), but SAML for end users is not recommended. For end users, you can use a registration process (registered users): create a login ID and password to register users and provide authentication.

SAML authentication involves several redirects and XML parsing, which can add latency to the authentication process. For a large number of users, this could potentially impact performance.

The guide above is the process to set up SAML for AEM instances.


Level 1

But, in your experience, is it worth authenticating the end user on AEM, or is it better to use a separate mechanism (for example, authenticating directly from the frontend to an external service, without going through AEM)?


Administrator

@usr24 Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found a solution yourself, please share it with the community.



Kautuk Sahni