SAML login is setting 2 saml_request_path cookie

Level 1

I have created a custom AuthenticationInfoPostProcessor service so that I could set saml_request_path and redirect the authenticated user to the appropriate page. However, after authentication (i.e. after the /saml_login request), there are 2 saml_request_path cookies set in the response - one set to the value I'm setting in the custom AuthenticationInfoPostProcessor service and one with a value of null. The saml_request_path with the null value redirects to my homepage.

How do I set saml_request_path so that the user is redirected to the appropriate page? How do I prevent the second saml_request_path cookie from being added?

2 Replies

Community Advisor

Hi @ahnc

I had previously worked on a similar requirement. The saml_request_path cookie is originally set in org.apache.sling.auth.core.spi.AuthenticationHandler. So avoid setting it in AuthenticationInfoPostProcessor.

What you can do is create a loginHook which implements AuthenticationHandler and override the requestCredentials method. Set your saml_request_path inside this method.

    @Override
    public boolean requestCredentials(final HttpServletRequest httpServletRequest,
            final HttpServletResponse httpServletResponse) throws IOException {
        final int expiryTime = 60 * 60 * 60 * 24;
        LOGGER.debug("Login hook initialized");
        // Path of the page that triggered the login; stored so the user can be sent back to it.
        String pagePath = httpServletRequest.getRequestURI();

        // Note: queryString is read here but not used below.
        String queryString = httpServletRequest.getQueryString();
        CookieUtil.addCookie(
                ServletUtil.createCookie("saml_request_path", pagePath, true, expiryTime, null, "/", false),
                httpServletResponse);

        // Delegate to the wrapped authentication handler.
        return wrappedAuthHandler.requestCredentials(httpServletRequest, httpServletResponse);
    }

The above solution worked for me for this exact requirement. Hope it helps you too.

https://github.com/Adobe-Consulting-Services/acs-aem-samples/blob/master/core/src/main/java/com/adob...

Regards,

Jeevan

Level 1

Hi @JeevanRaj. Thanks for the suggestion. I implemented the login hook and some logging. I don't see requestCredentials during login. Most of our site does not require login. I assume the requestCredentials method is only called when a page requires authentication, correct?

Is there a way to prevent AuthenticationHandler from setting the saml_request_path cookie so that I can set it using a different method (e.g. sling request filter)?
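
To diagnose the two saml_request_path cookies described in the question, the following added example (not code from the thread or from AEM) groups the Set-Cookie headers of one response by the name, domain and path under which a browser stores them, following RFC 6265. The host `www.example.com`, the sample header values and the function names are assumptions made for illustration, and the host-only distinction is ignored for simplicity.

```python
def default_path(request_path):
    """RFC 6265 section 5.1.4: path used when Set-Cookie has no Path attribute."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path[: request_path.rfind("/")]

def parse_set_cookie(header, host, request_path):
    """Return (name, domain, path, value) for one Set-Cookie header value."""
    first, *attrs = header.split(";")
    name, sep, value = first.partition("=")
    if not sep or not name.strip():
        return None  # not a name=value pair; browsers ignore it
    domain, path = host.lower(), default_path(request_path)
    for attr in attrs:
        key, _, val = attr.strip().partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain" and val:
            domain = val.lstrip(".").lower()
        elif key == "path" and val.startswith("/"):
            path = val
    return name.strip(), domain, path, value.strip()

def find_duplicates(headers, host, request_path):
    """Map cookie name -> {(domain, path): [values in header order]}
    for every name that is set more than once in the same response."""
    seen = {}
    for header in headers:
        parsed = parse_set_cookie(header, host, request_path)
        if parsed:
            name, domain, path, value = parsed
            seen.setdefault(name, {}).setdefault((domain, path), []).append(value)
    return {n: s for n, s in seen.items() if sum(len(v) for v in s.values()) > 1}

# Constructed sample headers (not captured from a real /saml_login response).
SAMPLE = [
    "saml_request_path=/content/site/en/account.html; Path=/; HttpOnly",
    "saml_request_path=null; Path=/; HttpOnly",
    "login-token=constructed-value; Path=/; HttpOnly; Secure",
]

if __name__ == "__main__":
    dups = find_duplicates(SAMPLE, "www.example.com", "/saml_login")
    for name, slots in dups.items():
        for (domain, path), values in slots.items():
            # Same (domain, path): the browser stores only the last value sent.
            print(f"{name} domain={domain} path={path}: sent {values}, kept {values[-1]!r}")
```

If both headers land in the same (domain, path) slot, the later one overwrites the earlier; if the slots differ, the browser stores both cookies and sends both on matching requests.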