Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Saml Authentication Handler on Publish Instance


Level 1

We successfully integrated SSO (SAML) using “SamlAuthenticationHandler” on author instance and it is working fine. As we all learnt/understood this “SamlAuthenticationHanlder” requires AEM to store User Profile in Author Instance. This solution would work fine in Author instance perspective.

Whereas, when it comes to Publish instance, to store  few million user profiles in AEM publish Instance, is not a viable solution, as we all understand/agree on.

The question is, can we have this “SamlAuthenticationHandler” extended/modified only for publish instance not to store User profile, but can map it with User Groups in AEM?  and we maintain the user profile in session/client context to work with without storing in AEM publish instance. Is that change in “SamlAuthenticationHandler” possible, can we go in that route? Please share your insights on this.

NOTE: SAML auth package is confidential to Adobe and not exposed any API details in the adobe documentation.


1 Reply


Level 10


Any sling Authenticationhandler is required if you are protecting the resources (pages/assets) in publish instance (By default publish is for anonymous).   In your description all you need is make use of client context with some profile information set in another layer.  If that is the case why do you need SamlAuthenticationHanlder on publish?