SAML authentication for end users | Community
Skip to main content
U
usr24
New Member
March 8, 2024

SAML authentication for end users

  • March 8, 2024
  • 4 replies
  • 994 views

Hi there,

I'm writing this post to ask for some clarifications about cloud saml authentication for end users.

In the past, looking for a solution to authenticate end users on some of our portals, saml authentication was highly discouraged, especially for portals with a big userbase (millions of users). Many said saml authentication was used only for authoring or administration purposes.

Now, i bumped into this guide: https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/authentication/saml-2-0.html?lang=en.

Has anything changed during these years? Can we use saml2 authentication on publish to authenticate a very large userbase? Is there any limitation to take into consideration?

I'm asking this because we are taking into consideration the option of using this method of authentication for our end users.

 

Thanks in advance for your support.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

4 replies

pulkitvashisth
Community Advisor
pulkitvashisthCommunity Advisor
Community Advisor
March 8, 2024

SAML 2.0 is generally considered to be secure and scalable. However, there are some limitations to consider.

  • SAML can be complex to set up and maintain, especially for large organizations.
  • SAML relies on XML, which can be verbose and slow to process.
  • SAML does not support strong authentication by itself.

If you are considering using SAML 2.0 for a large user base, it is important to weigh the benefits and drawbacks carefully. You may also want to consider other SSO protocols, such as OAuth 2.0 or OpenID Connect.

    SureshDhulipudi
    Community Advisor
    SureshDhulipudiCommunity Advisor
    Community Advisor
    March 8, 2024

    SAML we generally use for Single Sign On (SSO) solution.

    In AEM - SAML can be used for both Author and Publish instances (Login and access)

    but

    SAML for end user - not recommended. For end user - you can use Registration Process (registered users) - create login id and password to register users and provide authentication.

    SAML authentication involves several redirects and XML parsing, which can add latency to the authentication process. For a large number of users, this could potentially impact performance

    The guide above is the process to set up SAML For AEM instances.

      U
      usr24Author
      New Member
      March 11, 2024

      But, in your experience, is it worth to authenticate the end user on AEM or is it better to use a separate mechanism (for example authenticate directly from frontend to an external service, without going through AEM)?

      kautuk_sahni
      Community Manager
      kautuk_sahniCommunity Manager
      Community Manager
      March 14, 2024

      @usr24 Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.

      Kautuk Sahni
      Terms & ConditionsAccessibility statement

      Loading footer...