SOLVED

SSO/SAML on AEM Publisher

Level 2

I am currently working on implementing an asset manager using Adobe AEM 5.6.1 DAM and want to use the Asset Share and Asset Editor templates on publisher. Our client, however, needs these pages to be secure and to restrict access to users who authenticate through a SAML-based SSO product. The SAML authentication handler configuration on Author instances is pretty straightforward, but when attempting to do the same on publisher it does not work. The default behavior when using the Asset Share page on publisher is that it redirects to the Geometrixx login page (not AEM's). I understand that this can be changed to a different page, but I need it to redirect to the IdP login screen. When I configure the SAML authentication handler on publisher with the exact same parameters that work on author, not only am I not redirected to the IdP to enter credentials, but I am not prompted for any authentication at all.

Is there a setting or something that I am missing somewhere on a publisher instance to enable the SAML authentication handler the same way it works on an author instance?

Any help and advice would be greatly appreciated.


4 Replies

Level 10

Configuration is the same as on author, and no additional things are required. It seems like another authentication handler may be picked. Change the service ranking of the SAML authentication handler and verify at http://localhost:4503/system/console/slingauth

Level 2

Sham HC wrote...

Configuration is the same as on author, and no additional things are required. It seems like another authentication handler may be picked. Change the service ranking of the SAML authentication handler and verify at http://localhost:4503/system/console/slingauth

Thank you for your response, but I had tried that. The slingauth console does show the SAML Authentication handler above the Day CQ Login selector authenticator. I have even tried disabling the Day CQ Login selector authenticator entirely, and still I am never prompted for credentials when I access http://localhost:4503/content/dam/clientdam/assetshare.html (which is an instance of the assetshare page).

Looking at the Authentication Requirement Configuration in the slingauth console, I see that on publisher Authentication Required is set to No, but on Author it has different settings and some entries have a Yes for Authentication Required. Do I need to change something there and, if so, how?

Thanks in advance.

Correct answer by
Level 1

"Authentication Required" being set to No means that you're allowing anonymous login to the path specified, which is the default in publish. If you want to enforce login at a specific path, say /content/dam/clientdam, you can configure it in the Sling Authentication Service by adding +/content/dam/clientdam to the authentication requirements.

More about anonymous login with Sling authentication here: http://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html#...
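As an added example (not code from this thread, from AEM or from Apache Sling), the following Python models how the Sling Authentication Service evaluates its authentication requirement entries, which shows why the assetshare page was served anonymously on publish until +/content/dam/clientdam was added. The configuration line in Apache Felix .config format, the PID org.apache.sling.engine.impl.auth.SlingAuthenticator, the property name sling.auth.requirements and the '-' exemption for a public sub-tree are taken from Sling's documented configuration format rather than from the thread; the longest-match, segment-aware prefix rule is a simplified model of the real implementation, not the Sling code itself.

```python
"""Model of Sling 'authentication requirements' as described in the accepted answer.

Constructed illustration, not AEM or Sling code. Entry semantics modelled:
  '+/path'  -> requests at or below /path need an authenticated user
  '-/path'  -> requests at or below /path may be served anonymously
  '/path'   -> no sign is treated like '+'
The most specific (longest) matching entry wins. With no matching entry the
instance default applies: publish allows anonymous access by default, which is
the behaviour the original poster saw for the assetshare page.
"""
import json

# Constructed OSGi configuration line (Apache Felix .config format) for the
# PID org.apache.sling.engine.impl.auth.SlingAuthenticator. The '+' path is the
# one from the thread; the '-' entry is an added example of a public sub-tree.
SAMPLE_CONFIG_LINE = (
    'sling.auth.requirements=["+/content/dam/clientdam",'
    '"-/content/dam/clientdam/public"]'
)


def parse_requirements(config_line):
    """Return a list of (path, required) tuples from a String[] .config line."""
    key, _, value = config_line.partition("=")
    if key.strip() != "sling.auth.requirements":
        raise ValueError("not a sling.auth.requirements line")
    rules = []
    # The Felix String[] literal ["a","b"] is valid JSON, so json handles it.
    for entry in json.loads(value.strip()):
        if entry.startswith("-"):
            rules.append((entry[1:], False))
        elif entry.startswith("+"):
            rules.append((entry[1:], True))
        else:
            rules.append((entry, True))
    return rules


def _matches(rule_path, request_path):
    """Segment-aware prefix match: /a covers /a, /a/b and /a.html but not /ab."""
    rule_path = rule_path.rstrip("/")
    if rule_path == "":  # a rule on "/" covers every path
        return True
    if request_path == rule_path:
        return True
    if request_path.startswith(rule_path):
        return request_path[len(rule_path)] in ("/", ".")
    return False


def authentication_required(request_path, rules, anonymous_allowed_by_default=True):
    """Decide whether request_path needs an authenticated user.

    The longest matching rule path wins, so a '-' entry below a '+' entry
    re-opens that sub-tree. Without any match the instance default decides.
    """
    best = None
    for rule_path, required in rules:
        if _matches(rule_path, request_path):
            if best is None or len(rule_path) > len(best[0]):
                best = (rule_path, required)
    if best is None:
        return not anonymous_allowed_by_default
    return best[1]


if __name__ == "__main__":
    rules = parse_requirements(SAMPLE_CONFIG_LINE)
    for path in (
        "/content/dam/clientdam/assetshare.html",
        "/content/dam/clientdam/public/logo.png",
        "/content/dam/clientdamx/other.html",
        "/content/geometrixx/en.html",
    ):
        print(path, "->", "login required" if authentication_required(path, rules) else "anonymous")
```

The `/content/dam/clientdamx` case is why the match is segment-aware: a plain string prefix would protect unrelated paths that merely share the same leading characters. After changing the configuration on publish, the Authentication Requirement Configuration table in /system/console/slingauth should list the new entry with Authentication Required set to Yes, and an unauthenticated request to the assetshare page should be redirected to the SAML handler instead of being served.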

Level 2

Tiffany Wong wrote...

"Authentication Required" being set to No means that you're allowing anonymous login to the path specified, which is the default in publish. If you want to enforce login at a specific path, say /content/dam/clientdam, you can configure it in the Sling Authentication Service by adding +/content/dam/clientdam to the authentication requirements.

More about anonymous login with Sling authentication here: http://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html#...

I can't thank you enough! That is exactly what I overlooked when looking at all of the other configuration settings on my publisher for authentication. That did the trick.