Expand my Community achievements bar.

Enhance your AEM Assets & Boost Your Development: [AEM Gems | June 19, 2024] Improving the Developer Experience with New APIs and Events
SOLVED

SAML Redirection after authentication

Avatar

Level 3

We have requirement where once SAML authentication is done, it should not redirect to the Default Redirect as highlighted in attachment, but it should redirect to the Page/URL that we hit in the beginning. But CQ5 SAML functionality is irrespective of what the URL is hit, once SAML authentication is done, it redirects to Default Redirect url specified in the SAML Configuration as shown below.

To be specific on our flow, If the user is not authenticated, the control is redirected to a login page via the pingfederation URL mentioned in IDP URL configuration and the login page is not in CQ.

I am using Cq 5.6 version

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hey Sagar,

Common scenario you are facing here:

Couple of options for you:

  1. Extend SamlAuthenticationhandler[1] and over ride authenticationSucceeded, authenticationFailded methods with your custom logic. The only disadvantage here is that this Handler is no lnger extandable as of AEM 6.1 [1] https://docs.adobe.com/docs/en/cq/5-6-1/javadoc/com/adobe/granite/auth/saml/SamlAuthenticationHandle...
  2. Rely on Sling and implement the same logic in the AutheticationPostProcessor[1] https://sling.apache.org/apidocs/sling6/org/apache/sling/auth/core/spi/AuthenticationInfoPostProcess...
  3. Implement two way redirect. Where first you redirect to default url and then on the default url(which is actually a servlet that redirects user to another application)
  4. Implement on Servlet level filter that bypasses your saml authentication url and on any other url check's for correct Auth details and if not present redirects users to another application.

There might be more approaches too.

Thanks,

Peter

View solution in original post

2 Replies

Avatar

Correct answer by
Community Advisor

Hey Sagar,

Common scenario you are facing here:

Couple of options for you:

  1. Extend SamlAuthenticationhandler[1] and over ride authenticationSucceeded, authenticationFailded methods with your custom logic. The only disadvantage here is that this Handler is no lnger extandable as of AEM 6.1 [1] https://docs.adobe.com/docs/en/cq/5-6-1/javadoc/com/adobe/granite/auth/saml/SamlAuthenticationHandle...
  2. Rely on Sling and implement the same logic in the AutheticationPostProcessor[1] https://sling.apache.org/apidocs/sling6/org/apache/sling/auth/core/spi/AuthenticationInfoPostProcess...
  3. Implement two way redirect. Where first you redirect to default url and then on the default url(which is actually a servlet that redirects user to another application)
  4. Implement on Servlet level filter that bypasses your saml authentication url and on any other url check's for correct Auth details and if not present redirects users to another application.

There might be more approaches too.

Thanks,

Peter

Avatar

Level 1

Hi Sagar,

Were you able to extend SAML Authentication Handler.

I am trying to do the similiar thing and will need help.

Naveen