Expand my Community achievements bar.

SAML login is setting 2 saml_request_path cookie

Avatar

Level 1
Level 1
5/4/22 4:01:58 PM

I have created a custom AuthenticationInfoPostProcessor service so that I could sent saml_request_path  and redirect the authenticated user to the appropriate page.   However, after authentication (i.e.after /saml_login request), there are 2 saml_request_path  set in the response - one set to the value I'm setting in the custom AuthenticationInfoPostProcessor service and one with a value of null.  The saml_request_path  with null value redirects to my homepage.

 

How do I set saml_request_path so that the user is redirected to the appropriate page?  How do I prevent the second saml_request_path  cookie from being added?

Views

935

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
2 Replies

Avatar

Community Advisor
Community Advisor
5/4/22 9:11:55 PM

Hi @ahnc 

 

I had previously worked on a similar requirement. The saml_request_path cookie is originally set in org.apache.sling.auth.core.spi.AuthenticationHandler. So avoid setting it in AuthenticationInfoPostProcessor.

 

What you can do is create a loginHook which implements AuthenticationHandler and override requestCredentials method. Set your saml_request_path inside this method.

 

@Override
public boolean requestCredentials(final HttpServletRequest httpServletRequest,
        final HttpServletResponse httpServletResponse) throws IOException {
    final int expiryTime = 60 * 60 * 60 * 24;
    LOGGER.debug("Login hook initialized");
    String pagePath = httpServletRequest.getRequestURI();

    String queryString = httpServletRequest.getQueryString();
    CookieUtil.addCookie(
            ServletUtil.createCookie("saml_request_path", pagePath, true, expiryTime, null, "/", false),
            httpServletResponse);

    return wrappedAuthHandler.requestCredentials(httpServletRequest, httpServletResponse);
}

The above solution worked for me for this exact requirement. Hope it helps you too.

 

https://github.com/Adobe-Consulting-Services/acs-aem-samples/blob/master/core/src/main/java/com/adob...

 

Regards,

Jeevan 

Views

917

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
5/6/22 2:41:23 PM
In response to JeevanRaj

Hi @JeevanRaj.  Thanks for the suggestion.  I implemented the login hook and some logging.  I don't see requestCredentials during login.  Most of our site does not require login.  I assume requestCredentials method is only called when a page requires authentication, correct?

 

Is there a way to prevent AuthenticationHandler from setting saml_request_path cookie so that I can set it using a different method (e.g. sling request filter)?  

Views

894

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
My custom servlet is not being called

Views

808

Likes

0

Replies

30
Only jquery console.log statement is not working in AEM. Other lines of code executes well. Is there a way to debug this issue?

Views

659

Likes

0

Replies

21
Dependency issues when PDF Services SDK is installed on AEM 6.5.21

Views

224

Likes

0

Replies

1
The user name display order of the surname and given name is not correct when language setting is Japanese on Author.

Views

131

Likes

6

Replies

2
After Page move, not updating all the links where that path is configured in page AEM 6.5 on-premise

Views

354

Likes

0

Replies

8