Requirement:
When an AEM page request is redirected to OKTA for authentication, and the user has been authenticated by Okta and created in AEM, we need at the same time to make a third-party API call, get the groups list, and then assign the user to those groups in AEM.
It looks like the only option is a custom SAML authentication handler (not just an authentication handler).
It seems Adobe is not exposing com.adobe.granite.auth.saml and we need to create the entire module.
We are combining CUG (closed user group) with OKTA SAML SSO. If we try an Authentication Info Post Processor, the user is assigned to groups. But the Sling authenticator is called first. For the first request we are getting a 404, and when we refresh the page, the second time it works (since the Sling authenticator gets called before the post processor).
Any suggestions/information on this?
Hi,
You can extend or create your own implementation:
http://apoorva-ganapathy.blogspot.com/2016/08/aem-processing-saml-response-using.html
public class CustomSamlAuthenticationHandler extends DefaultAuthenticationFeedbackHandler implements AuthenticationHandler {
Hi Arun,
Thanks for the response.
The first link is regarding the Info Post Processor. It doesn't work for our scenario.
Second link: the developer didn't implement that. He went with some other workaround. Could you please check it again?
Please check https://kbwebconsult.com/authentication-handler-in-aem-custom-approach/
Ya. I followed that article also. It is a token-based custom authentication handler.
It is not a custom SAML (OKTA) authentication handler.
OK, but we are using the same for SAML.
Example:
    @Designate(ocd = ExtSamlAuthenticationHandler.Config.class, factory = true)
    @Component(service = AuthenticationHandler.class,
            name = "com.abc.core.integration.saml.ExtSamlAuthenticationHandler",
            configurationPolicy = ConfigurationPolicy.REQUIRE,
            servicefactory = true,
            property = {
                    "service.name" + "=EXT Adobe Granite SAML Authentication Handler",
                    Constants.SERVICE_DESCRIPTION + "=EXT Adobe Granite SAML Authentication Handler",
                    "authtype" + "=SAML"
            })
    public class ExtSamlAuthenticationHandler extends DefaultAuthenticationFeedbackHandler implements AuthenticationHandler {
        // Handler body (Config interface and AuthenticationHandler methods) not shared in this post
    }
However I can't share the client code.
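An added example, not code from this thread or from Adobe: one way the group-assignment step in the original question could filter the group list returned by a third-party API before any AEM membership is changed, so the external system can only affect groups it is meant to manage. The `okta-` prefix, the class and method names, and the sample data are assumptions made for illustration.

```java
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

/** Plans group changes from an externally supplied list (hypothetical helper). */
public class ExternalGroupSync {

    // Assumption: only groups carrying this prefix are managed by the sync.
    static final String MANAGED_PREFIX = "okta-";

    /** Returns the sets "add", "remove" and "rejected" for one user. */
    public static Map<String, Set<String>> plan(List<String> external, Set<String> current) {
        Set<String> wanted = new TreeSet<>();
        Set<String> rejected = new TreeSet<>();
        for (String raw : external) {
            String name = raw == null ? "" : raw.trim().toLowerCase(Locale.ROOT);
            // Accept only managed-prefix names built from safe characters, so a
            // response naming e.g. "administrators" cannot grant that group.
            if (name.matches(MANAGED_PREFIX + "[a-z0-9-]{1,64}")) {
                wanted.add(name);
            } else {
                rejected.add(String.valueOf(raw));
            }
        }
        Set<String> toAdd = new TreeSet<>(wanted);
        toAdd.removeAll(current);
        // Remove only managed groups that the API no longer lists; groups that
        // are administered inside AEM itself are never touched.
        Set<String> toRemove = new TreeSet<>();
        for (String group : current) {
            if (group.startsWith(MANAGED_PREFIX) && !wanted.contains(group)) {
                toRemove.add(group);
            }
        }
        return Map.of("add", toAdd, "remove", toRemove, "rejected", rejected);
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from a real API response.
        List<String> fromApi = List.of("okta-editors", "administrators", "okta-cug-members", "../okta-x");
        Set<String> current = Set.of("everyone", "okta-editors", "okta-legacy");
        System.out.println(plan(fromApi, current));
    }
}
```

The rejected set is worth logging: a non-managed name in the API response points to a misconfiguration or to tampering upstream.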
Hi Arun,
Did you override the entire com.adobe.granite.auth.saml package in your code base?
Because it needs a lot of Adobe classes, and those are not exposed.
No, we did not override that package. We have the following imports and added the following dependency in the POM:
<Embed-Dependency>com.adobe.granite.auth.saml</Embed-Dependency>
Import
import com.adobe.granite.auth.saml.configuration.IdpConfiguration;
import com.adobe.granite.auth.saml.configuration.SpConfiguration;
import com.adobe.granite.auth.saml.model.Assertion;
import com.adobe.granite.auth.saml.model.Attribute;
import com.adobe.granite.auth.saml.model.AuthnRequest;
import com.adobe.granite.auth.saml.model.AuthnStatement;
import com.adobe.granite.auth.saml.model.Issuer;
import com.adobe.granite.auth.saml.model.LogoutRequest;
import com.adobe.granite.auth.saml.model.LogoutResponse;
import com.adobe.granite.auth.saml.model.NameIdPolicy;
import com.adobe.granite.auth.saml.model.Response;
import com.adobe.granite.auth.saml.model.Status;
import com.adobe.granite.auth.saml.util.SamlReader;
import com.adobe.granite.auth.saml.util.SamlReaderException;
Version
<dependency>
    <groupId>com.adobe.granite</groupId>
    <artifactId>com.adobe.granite.auth.saml</artifactId>
    <version>1.0.10</version>
    <scope>provided</scope>
</dependency>
I see only the below dependency in Maven:
https://mvnrepository.com/artifact/com.adobe.granite/com.adobe.granite.auth.saml
Did I miss anything here?
Yes, that dependency is no longer available on Maven; we have a cached version of it in our Artifactory.
If it is a cached version and specific to one company's Artifactory, then I think other companies can't use it.
Is there a way to get that version?
You can get that bundle from AEM itself and use that.
Hi Arun, @arunpatidar
I'm also looking for the exact requirement.
Could you please help me with how you embedded the dependency in the project?
I'm using the SAML bundle as you suggested, but I'm getting errors while building the project, as below:
Bundle abc.core:2.x.x-SNAPSHOT is importing package(s) [com.adobe.granite.auth.saml.binding, com.adobe.granite.auth.saml.configuration, com.adobe.granite.auth.saml, com.adobe.granite.auth.saml.model, com.adobe.granite.auth.saml.util, com.adobe.granite.auth.saml.extidp] in start level 20 but no bundle is exporting these for that start level.
Let me know how I can resolve this error.
Also, have you used the exact same code from samlauthenticationhandler.java in your custom implementation?
Hi @abhisheklakhpatre
Any luck/progress after that?