This conversation has been locked due to inactivity. Please create a new post.
I am currently working on implementing an asset manager using Adobe AEM 5.6.1 DAM and want to use the Asset Share and Asset Editor templates on publisher. Our client however needs these pages to be secure and restrict access to users who authenticate through a SAML-based SSO product. The SAML authentication handler configuration on Author instances is pretty straightforward but when attempting to do the same on publisher it does not work. The default behavior when using the Asset Share page on publisher is that it redirects to the Geometrixx login (not AEM) page. I understand that this can be changed to a different page but I need it to redirect to the IdP login screen. When I configure the SAML authentication handler on publisher with the same exact parameters that work on author I not only am not redirected to the IdP to enter credentials, but I am not prompted for any authentication at all.
Is there a setting or something that I am missing somewhere on a publisher instance to enable the SAML authentication handler the same way it works on an author instance?
Any help and advice would be greatly appreciated.
The configuration is the same as on author & no additional things are required. It seems like another authentication handler may be picked. Change the service ranking of the SAML authentication handler and verify at http://localhost:4503/system/console/slingauth
Sham HC wrote...
The configuration is the same as on author & no additional things are required. It seems like another authentication handler may be picked. Change the service ranking of the SAML authentication handler and verify at http://localhost:4503/system/console/slingauth
Thank you for your response but I had tried that. The slingauth does show the SAML Authentication handler above the Day CQ Login selector authenticator. I have even tried disabling the Day CQ Login selector authenticator entirely and still I am never prompted for credentials when I access http://localhost:4503/content/dam/clientdam/assetshare.html (which is an instance of the assetshare page).
Looking at the Authentication Requirement Configuration in the slingauth config I see that on publisher Authentication required is set to No in there, but on Author it has different settings and some things have a Yes for Authentication required. Do I need to change something there and if so, how?
Thanks in advance.
"Authentication Required" being set to No means that you're allowing anonymous login to the path specified, which is the default in publish. If you want to enforce login at a specific path, say /content/dam/clientdam, you can configure it in the Sling Authentication Service by adding +/content/dam/clientdam to the authentication requirements.
More about anonymous login with Sling authentication here: http://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html#...
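An added example, not part of the original thread and not Sling's own code: a simplified Python model of how authentication requirement entries such as `+/content/dam/clientdam` decide which paths on a publish instance are still served anonymously. The longest-prefix and segment-boundary matching rules, the function names and the sample paths are assumptions of this model; confirm the real behaviour in the slingauth console of the instance.

```python
# Simplified model of Sling authentication requirements (assumption-labelled
# sketch): the most specific matching entry wins, and a path with no matching
# entry falls back to the instance-wide "allow anonymous" default.

def parse_requirements(entries):
    """Turn '+/path', '-/path' or '/path' strings into (path, required) pairs."""
    parsed = []
    for entry in entries:
        entry = entry.strip()
        if not entry:
            continue
        if entry[0] in "+-":
            required, path = entry[0] == "+", entry[1:]
        else:
            required, path = True, entry  # no prefix is treated like '+'
        parsed.append((path.rstrip("/") or "/", required))
    # Longest path first, so the most specific entry is checked first.
    return sorted(parsed, key=lambda p: len(p[0]), reverse=True)

def covers(prefix, path):
    """True if path is the prefix itself, a child of it, or prefix + extension."""
    if prefix == "/":
        return True
    if not path.startswith(prefix):
        return False
    rest = path[len(prefix):]
    return rest == "" or rest[0] in "/."  # assumed segment-boundary rule

def requires_login(path, entries, allow_anonymous):
    for prefix, required in parse_requirements(entries):
        if covers(prefix, path):
            return required
    return not allow_anonymous

def audit(paths, entries, allow_anonymous):
    """Return the paths that would be served without authentication."""
    return [p for p in paths if not requires_login(p, entries, allow_anonymous)]

# Constructed sample paths: two that must be protected, two that stay public.
PROTECTED = ["/content/dam/clientdam/assetshare.html",
             "/content/dam/clientdam/docs/report.pdf"]
PUBLIC = ["/content/geometrixx/en.html", "/content/dam/clientdam-public/logo.png"]

if __name__ == "__main__":
    fix = ["+/content/dam/clientdam"]
    print("anonymous before:", audit(PROTECTED + PUBLIC, [], True))
    print("anonymous after: ", audit(PROTECTED + PUBLIC, fix, True))
```

With the publish default (anonymous allowed, no requirement entries) every sample path is reachable without login, which is why no authentication handler, SAML or otherwise, is ever invoked; after the `+` entry only the two public paths remain anonymous.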
Tiffany Wong wrote...
"Authentication Required" being set to No means that you're allowing anonymous login to the path specified, which is the default in publish. If you want to enforce login at a specific path, say /content/dam/clientdam, you can configure it in the Sling Authentication Service by adding +/content/dam/clientdam to the authentication requirements.
More about anonymous login with Sling authentication here: http://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html#...
I can't thank you enough! That is exactly what I overlooked when looking at all of the other configuration settings on my publisher for authentication. That did the trick.