Hi all,
As per the business requirement, I am working on providing login functionality for multiple websites on the same AEM 6.1 SP2 instance. We already have a website which is configured with an IDP and SPID accordingly. Now that a few more websites have been added to the same instance, we are in the process of providing login functionality for them. We have a single IDP and multiple SPIDs with respective rankings for the websites. Upon creation of multiple SAML configurations, the handler picks up the highest-ranking configuration and processes it, whatever the website is, with the "Path" configured to "/" for all the SAML configurations. Is there a way for us to say that www.aaa.com has to use SAML handler 1 and www.bbb.com has to use SAML handler 2? Or do we need to extend the existing SAML auth handler to do so?
My requirement is something near to this topic: Multiple Domains and SAML
I have followed the forum threads mentioned below, but had no luck getting through. Please suggest.
Multiple SAML Configurations on Same AEM 6.1 Instance
Multiple Authentication handlers
AEM integration with multiple identity provider
Thanks,
Arvind
We can handle multiple domain login with the OOB Adobe SAML configuration itself. No need for a custom handler.
Just make sure that the "path" property in the SAML configuration matches the assertion consumer URL on the IDP side.
E.g.: if we have two domains, www.abc.com with root path /content/abc and www.xyz.com with /content/xyz, then in the SAML configuration for www.abc.com the path should be configured as /content/abc and the assertion consumer URL should be https://www.abc.com/content/abc/saml_login. Configure the other domain in a similar way. Also configure the default redirect URL for both domains as required.
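The path and assertion consumer URL pairing from the answer above, as an added example that is not part of the original thread or Adobe's code. The field names are this example's own, the sample handlers are constructed, and the selection rule (longest matching path first, ranking as tie-breaker, hostname ignored) is a simplified model assumed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data; field names are this example's own, not AEM property names.
HANDLERS = [
    {"name": "abc", "path": "/content/abc", "ranking": 5002,
     "idp_acs_url": "https://www.abc.com/content/abc/saml_login"},
    {"name": "xyz", "path": "/content/xyz", "ranking": 5001,
     "idp_acs_url": "https://www.xyz.com/saml_login"},  # deliberately mismatched
]

def covers(handler_path, request_path):
    """True when request_path is the handler path or lies below it."""
    base = handler_path.rstrip("/")
    return request_path == base or request_path.startswith(base + "/")

def select_handler(handlers, request_path):
    """Assumed model: longest matching path wins, ranking breaks ties."""
    matches = [h for h in handlers if covers(h["path"], request_path)]
    if not matches:
        return None
    best = max(matches, key=lambda h: (len(h["path"].rstrip("/")), h["ranking"]))
    return best["name"]

def audit(handlers):
    """List handlers whose path and IdP-side ACS URL will not line up."""
    findings, seen = [], {}
    for h in handlers:
        if h["path"] in seen:
            findings.append(f"{h['name']}: same path as {seen[h['path']]}, "
                            "so ranking alone decides")
        seen.setdefault(h["path"], h["name"])
        acs_path = urlsplit(h["idp_acs_url"]).path
        expected = h["path"].rstrip("/") + "/saml_login"
        if acs_path != expected:
            owner = select_handler(handlers, acs_path)
            findings.append(f"{h['name']}: ACS path {acs_path} should be "
                            f"{expected}; it is claimed by {owner}")
    return findings

if __name__ == "__main__":
    for line in audit(HANDLERS):
        print(line)
```
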
We have a SAML article here -- Integrating SAML with Adobe Experience Manager
For multiple ones - looks like you are correct - a custom handler is needed.
Why have "/" configured as the path for all of them? To avoid having to do some special handling, you could have each handler configured with "Path" pointing to the site (e.g. for the www.aaa.com handler the Path field would be /content/aaa). Then when the user goes to the site (they should be visiting /content/aaa anyway), they would get sent to the correct IDP for login.
Hi Andrew,
Upon changing the path to "/content/aaa" and "/content/bbb", it still picks up the highest-ranking SAML configuration for all the websites' login. As I said, it's a single IDP and multiple SPIDs in our scenario.
Thanks,
Arvind
Hi,
Our requirement is similar, but when the user moves to the other domain, the user must not be asked to log in again, since the IDP is the same for both domains. I.e. when a user is on a page with domain www.xyz.com and tries to navigate to www.xyz.co.uk, the user must not be asked to log in again, since they are already logged in and have access to co.uk as well. Is it possible? Are there any configurations required at the IDP end to achieve this?
We are using Salesforce as Identity Provider.
Any suggestions would be really helpful.
Thanks,
Srikanth Pogula.