Expand my Community achievements bar.

SSO - SAML and LDAP Understanding

Avatar

Level 2

Hi All,

I need to clear some doubt regarding Single Sign On(SSO). Below are the doubts which I am mentioning.

These are the basic concept but i need to clear those. It will be great if I can get some view on below queries.

1: Can SAML and LDAP be configured together for SSO. As per my understanding both are protocol and can not be applied together in SSO.

2: I want to configure one LDAP for content hierarchy(/content/geometrix) and other LDAP for other content hierarchy(/content/weretail). Is it possible to configure one LDAP for one content hierarchy and other LDAP for other content hierarchy? As per me I am unable to find the path configuration for content structure for LDAP Identity provider, Auth Handler and External Login, so how LDAP identifies under which content hierarchy SSO needs to be applied.

3: In AEM OOTB a configuration is present "Adobe Granite SSO Authentication Handler". What is the purpose of this Authentication Handler.

Thanks in advance

2 Replies

Avatar

Employee Advisor

Answer to your questions below:

1) Yes, it is possible

2) As per my understanding, SAML will only be triggered when path(/content/weretail) is accessed and when AEM tries to find authentication handler for path /content/geometrix, it will only have LDAP as the authentication provider. So, SAML for the path defined and LDAP for everything else.

3) This configuration is for SSO and has nothing to do with LDAP/SAML. More details at [1]

[1] Single Sign On

Avatar

Level 2

Hi All,

JaideepBrar​ : Thanks for the reply. The response you have provide make sense to me. It means for any path if LDAP and SAML both are configured, AEM will give preference to SAML.

If anyone has any other views, kindly provide your thoughts.