SSO - SAML and LDAP Understanding

brijesht4727374

23-09-2019

Hi All,

I need to clear some doubts regarding Single Sign On (SSO). Below are the doubts which I am mentioning.

These are basic concepts, but I need to clear them up. It would be great if I could get some views on the queries below.

1: Can SAML and LDAP be configured together for SSO? As per my understanding, both are protocols and cannot be applied together in SSO.

2: I want to configure one LDAP for one content hierarchy (/content/geometrix) and another LDAP for another content hierarchy (/content/weretail). Is it possible to configure one LDAP for one content hierarchy and another LDAP for another content hierarchy? I am unable to find a path configuration for the content structure in the LDAP Identity Provider, Auth Handler and External Login, so how does LDAP identify under which content hierarchy SSO needs to be applied?

3: In AEM OOTB, a configuration named "Adobe Granite SSO Authentication Handler" is present. What is the purpose of this Authentication Handler?

Thanks in advance

Replies

jbrar
Employee

23-09-2019

Answers to your questions below:

1) Yes, it is possible.

2) As per my understanding, SAML will only be triggered when the path (/content/weretail) is accessed, and when AEM tries to find an authentication handler for the path /content/geometrix, it will only have LDAP as the authentication provider. So, SAML for the path defined and LDAP for everything else.

3) This configuration is for SSO and has nothing to do with LDAP/SAML. More details at [1]

[1] Single Sign On
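
A simplified model of the path-based handler selection described in the answer above, added here as an illustration; it is not code from the thread or from AEM. It assumes a handler applies to a request when its configured path is a prefix of the request path on a segment boundary, that the longest matching path is consulted first, and that service ranking breaks ties; the handler names and registrations are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Handler:
    name: str         # label used only in this sketch
    path: str         # value of the handler's "path" property
    ranking: int = 0  # assumed tie-breaker: higher ranking is consulted first


def covers(handler_path: str, request_path: str) -> bool:
    """True if request_path is handler_path itself or lies below it."""
    if handler_path == "/":
        return True
    if not request_path.startswith(handler_path):
        return False
    rest = request_path[len(handler_path):]
    # Segment boundary check: "/content/weretail" must not cover
    # "/content/weretail-old", but does cover "/content/weretail.html".
    return rest == "" or rest[0] in "/."


def candidates(handlers, request_path):
    """Names of the handlers consulted for request_path, in order."""
    hits = [h for h in handlers if covers(h.path, request_path)]
    # Longest configured path first, then higher ranking first.
    hits.sort(key=lambda h: (-len(h.path), -h.ranking))
    return [h.name for h in hits]


# Constructed registrations mirroring the thread: SAML scoped to one
# content tree, and a root-level login that covers everything else.
HANDLERS = [
    Handler("saml", "/content/weretail"),
    Handler("default-login", "/"),
]

if __name__ == "__main__":
    for p in ("/content/weretail/us/en.html",
              "/content/geometrix/en.html",
              "/content/weretail-old/en.html"):
        print(p, "->", candidates(HANDLERS, p))
```

The third path is the case to check when scoping SSO by path: a sibling tree that merely shares the prefix string is not covered by the scoped handler and falls through to the root-level one.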

brijesht4727374

23-09-2019

Hi All,

JaideepBrar: Thanks for the reply. The response you have provided makes sense to me. It means that for any path, if LDAP and SAML are both configured, AEM will give preference to SAML.

If anyone has any other views, kindly provide your thoughts.