Hi Team,
Good Morning/Afternoon.
We have a login based application. We need to implement SSO in AEM with Okta integration and use AEM CUG to authorize the user for the page
We are able to implement SSO in AEM with Okta. But, there is one issue with CUG.
When user requests any AEM page, user will be redirected to Okta login page for authentication.
After success-full authentication in Okta, user will be created in AEM. In Okta SAML assertion response we are not getting user groups list .
We need to call Third party API for users list. At the same time we need use CUG concept ( closed user group ) for authorization purpose .
I thought of two solutions
1. Use custom authentication handler
Once custom authentication handler triggers, get the user I’d from Okta SAML assertion response and make third party api call to get the user groups list.
And then create the user and assign the user to groups.
2. Use sling filter
Once sling filter triggers get the login user I’d and make an api call to get the user groups . Then assign the user to groups.
This is under impression that sling filter triggers first before CUG concept
I tried sling filter approach . For the same page, first 2 requests it gave 404 and third time am able to access the page. It happened for all the sample users in Okta.
Not sure why first 2 times I got 404 and third time it worked. Any idea/help on this ?
Is custom authentication handler is help full in this scenario?
Any help/info is much appreciated . Thanks in advance.
Solved! Go to Solution.
Views
Replies
Total Likes
Yes, the AuthenticationInfoPostProcessor triggered after the Sling authenticator.
Regards
I assume the AuthenticationInfoPostProcessor can help here; invoke the API from the post-processor and handle your logic.
Refer to Adobe Experience Manager: Reporting on User’s Last Login Date (albinsblog.com) for more details on using AuthenticationInfoPostProcessor.
Regards
Albin
Hi @Albin_Issac
Thanks for the reply.
My second option will not work because Sling authenticator triggers before sling filter.
Do you think , AuthenticationInfoPostProcessor will trigger before Sling authenticator ?
and one more question what about custom authentication handler. Do you have any info /samples for it ?
Yes, the AuthenticationInfoPostProcessor triggered after the Sling authenticator.
Regards
Views
Likes
Replies
Views
Likes
Replies