
Saml Authentication Handler on Publish Instance


We successfully integrated SSO (SAML) using “SamlAuthenticationHandler” on the author instance and it is working fine. As we all learnt/understood, this “SamlAuthenticationHandler” requires AEM to store the user profile in the author instance. This solution would work fine from the author instance perspective.

Whereas, when it comes to the publish instance, storing a few million user profiles in the AEM publish instance is not a viable solution, as we all understand/agree.

The question is, can we have this “SamlAuthenticationHandler” extended/modified only for the publish instance so that it does not store the user profile, but can map it to user groups in AEM? We would then maintain the user profile in the session/client context to work with, without storing it in the AEM publish instance. Is that change in “SamlAuthenticationHandler” possible, and can we go that route? Please share your insights on this.

NOTE: The SAML auth package is confidential to Adobe, and no API details are exposed in the Adobe documentation.

Raj

1 Reply


Raj,

Any Sling AuthenticationHandler is required if you are protecting the resources (pages/assets) in the publish instance (by default, publish is for anonymous). In your description, all you need is to make use of the client context with some profile information set in another layer. If that is the case, why do you need SamlAuthenticationHandler on publish?