Adobe Experience Manager Sites & More

anupam_miglani · 10/28/21

Hi All,
I have a use case where in end-user have to login with SSO and once autheticated i create a user and assign that to a particular group. So this part is startight with OOTB SAML authenticattion handler connector.

Now I want certain content that is only visible by the user who has successfully logged in using SSO. And i am not sure weather CUG concept will be working here.

If anyone can share a some past experience around this it'll be great.
@arunpatidar26 @Kautuksahni

TIA

Raja-kp · 10/29/21

Hi @anupam_miglani -

1. Configure the required content path in SAML authentication OSGi configuration in publisher instance.

2. Configure the Domain name that should redirects to authentication page.

3. Create a user/group in publisher instance and grant required permission to the content path (which configured in SAML configuration)

4. Disable the cache for content path in dispatcher.

To Implement CUG - Please refer : https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/cug.html?lang=e...

View solution in original post

Singaiah_Chintalapudi · 10/28/21

Configure SAML on AEM publishers and make sure to configure the gated content path (make sure you've all the gated pages under one path). This will ensures the incoming requests to those pages (configured in the SAML configuration) are routed for SSO authentication.

Shashi_Mulugu · 10/28/21

@anupam_miglani yes this is perfect case of CUG. As suggested by @Singaiah_Chintalapudi please make sure all your secure pages are under one umbrella so that you configure CUG at root level..

Also if your secure pages are static.. ie .. content doesn't change from person to person.. try

https://www.google.com/url?sa=t&source=web&rct=j&url=https://experienceleague.adobe.com/docs/experie...

Ankur_Khare · 10/28/21

Hi,

Few more queries like whether you want to show specific component on a page to a specific user or entire page.

If entire page then the solutions provided by others will work but if thats not the case you need to write a custom logic based on the group user belongs to.