SSO in AEM - Custom SAML Authentication handler in AEM | Community
Level 2
April 19, 2023
Solved

  • 1 reply
  • 3905 views

Requirement:

When an AEM page request is redirected to OKTA for authentication, and the user is authenticated by Okta and created in AEM, we need at the same time to make a third-party API call, get the list of groups, and then assign the user to those groups in AEM.

It looks like the only option is a custom SAML authentication handler (not just an authentication handler).

It seems Adobe is not exposing com.adobe.granite.auth.saml, and we need to create the entire module.

We are combining CUG (closed user group) with OKTA SAML SSO. If we try an Authentication Info Post Processor, the user is assigned to groups. But the Sling authenticator is called first. For the first request we get a 404, and when we refresh the page, the second time it works (since the Sling authenticator gets called before the post processor).

Any suggestions/information on this?

Best answer by arunpatidar

Ya. I followed that article also. It is Token based Custom authentication handler.

 

It is not Custom SAML (OKTA)  authentication handler.


Ok but we are using same for SAML

Example

 

@Designate(ocd = ExtSamlAuthenticationHandler.Config.class, factory = true)
@Component(service = AuthenticationHandler.class,
        name = "com.abc.core.integration.saml.ExtSamlAuthenticationHandler",
        configurationPolicy = ConfigurationPolicy.REQUIRE,
        servicefactory = true,
        property = {
            "service.name" + "=EXT Adobe Granite SAML Authentication Handler",
            Constants.SERVICE_DESCRIPTION + "=EXT Adobe Granite SAML Authentication Handler",
            "authtype" + "=SAML"
        })
public class ExtSamlAuthenticationHandler extends DefaultAuthenticationFeedbackHandler
        implements AuthenticationHandler {
}

However I can't share the client code. 

1 reply

arunpatidar
Community Advisor
April 19, 2023

Hi,

You can extend or create your own implementation.

http://apoorva-ganapathy.blogspot.com/2016/08/aem-processing-saml-response-using.html 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/custom-saml-authentication-handler-service-in-aem-6-3-is-in/m-p/256236 

 

public class CustomSamlAuthenticationHandler extends DefaultAuthenticationFeedbackHandler implements AuthenticationHandler {

Arun Patidar
Prasad (Author)
Level 2
April 19, 2023

Hi Arun,

Thanks for the response.

The first link is about the Info Post Processor. It doesn't work for our scenario.

Second link: the developer didn't implement that. He went with some other workaround. Could you please check it again?

Level 3
April 19, 2023

Please check https://kbwebconsult.com/authentication-handler-in-aem-custom-approach/ 


Ya. I followed that article also. It is Token based Custom authentication handler.

 

It is not Custom SAML (OKTA)  authentication handler.
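
An added example, not code from this thread or from Adobe: the group-assignment step from the requirement, written as a helper that a custom handler could call once the user exists in AEM. The class name `ExternalGroupSync`, the allowlisted group IDs and the service-user session are assumptions; group IDs coming back from the third-party API are treated as untrusted input and filtered before any membership is granted.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;

/** Hypothetical helper: assigns an SSO user to AEM groups named by an external API. */
public final class ExternalGroupSync {

    // Assumption: the only groups the external API may grant (constructed names).
    private static final Set<String> ALLOWED = Collections.unmodifiableSet(
            new HashSet<>(Arrays.asList("site-members", "site-premium")));

    private ExternalGroupSync() { }

    /**
     * @param serviceSession session of a service user allowed to edit group membership (assumption)
     * @param userId         ID of the user created during SAML login
     * @param remoteGroups   group IDs returned by the third-party API; untrusted
     * @return number of memberships added
     */
    public static int sync(Session serviceSession, String userId, Collection<String> remoteGroups)
            throws RepositoryException {
        UserManager um = ((JackrabbitSession) serviceSession).getUserManager();
        Authorizable user = um.getAuthorizable(userId);
        if (user == null || user.isGroup()) {
            return 0; // unknown principal: grant nothing
        }
        int added = 0;
        for (String id : remoteGroups) {
            if (!ALLOWED.contains(id)) {
                continue; // the API must never place users in admin or author groups
            }
            Authorizable target = um.getAuthorizable(id);
            if (target != null && target.isGroup() && ((Group) target).addMember(user)) {
                added++;
            }
        }
        if (serviceSession.hasPendingChanges()) {
            serviceSession.save(); // persist membership before the request continues
        }
        return added;
    }
}
```

The helper only adds memberships: revoking allowlisted groups that the API no longer returns needs a matching `removeMember` pass.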