Expand my Community achievements bar.

Learn about Edge Delivery Services in upcoming GEM session
Register!
SOLVED

SAML Redirection after authentication

Avatar

Level 3
Level 3
12/17/15 10:44:52 PM

We have requirement where once SAML authentication is done, it should not redirect to the Default Redirect as highlighted in attachment, but it should redirect to the Page/URL that we hit in the beginning. But CQ5 SAML functionality is irrespective of what the URL is hit, once SAML authentication is done, it redirects to Default Redirect url specified in the SAML Configuration as shown below.

To be specific on our flow, If the user is not authenticated, the control is redirected to a login page via the pingfederation URL mentioned in IDP URL configuration and the login page is not in CQ.

I am using Cq 5.6 version

Views

2.7K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
12/18/15 1:45:14 AM

Hey Sagar,

Common scenario you are facing here:

Couple of options for you:

  1. Extend SamlAuthenticationhandler[1] and over ride authenticationSucceeded, authenticationFailded methods with your custom logic. The only disadvantage here is that this Handler is no lnger extandable as of AEM 6.1 [1] https://docs.adobe.com/docs/en/cq/5-6-1/javadoc/com/adobe/granite/auth/saml/SamlAuthenticationHandle...
  2. Rely on Sling and implement the same logic in the AutheticationPostProcessor[1] https://sling.apache.org/apidocs/sling6/org/apache/sling/auth/core/spi/AuthenticationInfoPostProcess...
  3. Implement two way redirect. Where first you redirect to default url and then on the default url(which is actually a servlet that redirects user to another application)
  4. Implement on Servlet level filter that bypasses your saml authentication url and on any other url check's for correct Auth details and if not present redirects users to another application.

There might be more approaches too.

Thanks,

Peter

View solution in original post

Views

1.8K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Correct answer by
Community Advisor
Community Advisor
12/18/15 1:45:14 AM

Hey Sagar,

Common scenario you are facing here:

Couple of options for you:

  1. Extend SamlAuthenticationhandler[1] and over ride authenticationSucceeded, authenticationFailded methods with your custom logic. The only disadvantage here is that this Handler is no lnger extandable as of AEM 6.1 [1] https://docs.adobe.com/docs/en/cq/5-6-1/javadoc/com/adobe/granite/auth/saml/SamlAuthenticationHandle...
  2. Rely on Sling and implement the same logic in the AutheticationPostProcessor[1] https://sling.apache.org/apidocs/sling6/org/apache/sling/auth/core/spi/AuthenticationInfoPostProcess...
  3. Implement two way redirect. Where first you redirect to default url and then on the default url(which is actually a servlet that redirects user to another application)
  4. Implement on Servlet level filter that bypasses your saml authentication url and on any other url check's for correct Auth details and if not present redirects users to another application.

There might be more approaches too.

Thanks,

Peter

Views

1.8K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 1
Level 1
10/12/17 10:35:43 AM

Hi Sagar,

Were you able to extend SAML Authentication Handler.

I am trying to do the similiar thing and will need help.

Naveen

Views

1.8K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate