Adobe Experience Manager Sites & More

Prasad · 4/18/23

Requirement:

When AEM page request redirected to OKTA for authentication , When user got authenticated from Okta and user got created in AEM , at the same time, we Need to make third party API call and get the groups list and then assign the user to those groups in AEM.

It looks like only option is Custom SAML Authentication handler. (Not just Authentication handler).

It seems adobe is not exposing com.adobe.granite.auth.saml and we need to create entire module.

We are combining CUG ( closed user group with CUG) with OKTA SAML sso . If we try Authentication Info Post Processor, user is assigned to groups. But, sling authenticator called first. For first request we are getting 404 and when we refresh the page, second time it is working ( Since Sling authenticator gets called before Post processor )

Any suggestions/information on this?

arunpatidar · 4/20/23

Ok but we are using same for SAML

Example

@Designate(ocd = ExtSamlAuthenticationHandler.Config.class, factory = true)
@Component(service = AuthenticationHandler.class,
        name = "com.abc.core.integration.saml.ExtSamlAuthenticationHandler",
        configurationPolicy = ConfigurationPolicy.REQUIRE,
        servicefactory = true,
        property = {
                "service.name" + "=EXT Adobe Granite SAML Authentication Handler",
                Constants.SERVICE_DESCRIPTION + "=EXT Adobe Granite SAML Authentication Handler",
                "authtype" + "=SAML"
        })
public class ExtSamlAuthenticationHandler extends DefaultAuthenticationFeedbackHandler implements AuthenticationHandler {

}

However I can't share the client code.

Arun Patidar

View solution in original post

arunpatidar · 4/19/23

Hi,

You can extend or create your own imlmentation

http://apoorva-ganapathy.blogspot.com/2016/08/aem-processing-saml-response-using.html

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/custom-saml-authentication...

public class CustomSamlAuthenticationHandler extends DefaultAuthenticationFeedbackHandler implements AuthenticationHandler {

Arun Patidar

Prasad · 4/19/23

Hi Arun,

Thanks for the response.

First link is regarding : Info Post Processor. It doesn't work for our scenario.

Second link: The developer didn't implement that. He went with some other work around. Could you please check it again.

arunpatidar · 4/19/23

Please check https://kbwebconsult.com/authentication-handler-in-aem-custom-approach/

Arun Patidar

Rudra-2024 · 4/19/23

Ya. I followed that article also. It is Token based Custom authentication handler.

It is not Custom SAML (OKTA) authentication handler.

arunpatidar · 4/20/23

Ok but we are using same for SAML

Example

@Designate(ocd = ExtSamlAuthenticationHandler.Config.class, factory = true)
@Component(service = AuthenticationHandler.class,
        name = "com.abc.core.integration.saml.ExtSamlAuthenticationHandler",
        configurationPolicy = ConfigurationPolicy.REQUIRE,
        servicefactory = true,
        property = {
                "service.name" + "=EXT Adobe Granite SAML Authentication Handler",
                Constants.SERVICE_DESCRIPTION + "=EXT Adobe Granite SAML Authentication Handler",
                "authtype" + "=SAML"
        })
public class ExtSamlAuthenticationHandler extends DefaultAuthenticationFeedbackHandler implements AuthenticationHandler {

}

However I can't share the client code.

Arun Patidar

Rudra-2024 · 4/20/23

Hi Arun,

Did you override entire com.adobe.granite.auth.saml package in your code base ?

because it needs lot of adobe classes and those are not exposed?

arunpatidar · 4/20/23

No, we did not override that package, we have following imports and added following dependency in POM

<Embed-Dependency>com.adobe.granite.auth.saml</Embed-Dependency>

Import

import com.adobe.granite.auth.saml.configuration.IdpConfiguration;
import com.adobe.granite.auth.saml.configuration.SpConfiguration;
import com.adobe.granite.auth.saml.model.Assertion;
import com.adobe.granite.auth.saml.model.Attribute;
import com.adobe.granite.auth.saml.model.AuthnRequest;
import com.adobe.granite.auth.saml.model.AuthnStatement;
import com.adobe.granite.auth.saml.model.Issuer;
import com.adobe.granite.auth.saml.model.LogoutRequest;
import com.adobe.granite.auth.saml.model.LogoutResponse;
import com.adobe.granite.auth.saml.model.NameIdPolicy;
import com.adobe.granite.auth.saml.model.Response;
import com.adobe.granite.auth.saml.model.Status;
import com.adobe.granite.auth.saml.util.SamlReader;
import com.adobe.granite.auth.saml.util.SamlReaderException;

Version

<dependency>
<groupId>com.adobe.granite</groupId>
<artifactId>com.adobe.granite.auth.saml</artifactId>
<version>1.0.10</version>
<scope>provided</scope>
</dependency>

Arun Patidar

Rudra-2024 · 4/20/23

I see only below dependency in maven

https://mvnrepository.com/artifact/com.adobe.granite/com.adobe.granite.auth.saml

Did I miss anything here?

arunpatidar · 4/21/23

Yes, that dependency no more available at maven we have a cached version of it in our artifactory.

Arun Patidar

Rudra-2024 · 4/21/23

If It is cached version and specific to One company artifactory ,then I think Other company can't use.
Is there a way to get that version.

arunpatidar · 4/24/23

you can get that bundle from AEM itself and use that.

Arun Patidar

abhisheklakhpatre · 5/17/23

Hi Arun, @arunpatidar
I'm also looking for exact requirement.

Could you please help me on how you embedded dependency in project.

I'm using the saml bundle as you suggested but I'm getting errors while building project as below:

Bundle abc.core:2.x.x-SNAPSHOT is importing package(s) [com.adobe.granite.auth.saml.binding, com.adobe.granite.auth.saml.configuration, com.adobe.granite.auth.saml, com.adobe.granite.auth.saml.model, com.adobe.granite.auth.saml.util, com.adobe.granite.auth.saml.extidp] in start level 20 but no bundle is exporting these for that start level.

Let me know how can I resolve this error?

Also, have you used the exact same code from samlauthenticationhandler.java in your custom implementation?

Rudra-2024 · 6/12/23

Hi @abhisheklakhpatre

Any luck/progress after that ?

Adobe Experience Manager Sites & More

SSO in AEM - Custom SAML Authentication handler in AEM

Arun Patidar

Arun Patidar

Arun Patidar

Arun Patidar

Arun Patidar

Arun Patidar

Arun Patidar

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe