SOLVED

SSO with AEM - Read SAML response

I am trying to use AuthenticationInfoPostProcessor to read the SAML response and do some business logic in AEM as a Cloud Service.

I am facing the following issues:

1. Getting multiple hits to this class - want to know what event invokes the postProcess method of this class?

2. When the user is logging in through SSO, the IDP is redirecting to <publish domain>/content/<abc>/saml_login, but when I am trying to check the same condition in the post processor, this does not seem to work. Below is the code snippet that I am using:

 

    public void postProcess(AuthenticationInfo info, HttpServletRequest request, HttpServletResponse response)
            throws LoginException {
        HttpServletResponse httpResponse = null;
        HttpServletRequest httpRequest = null;
        try {
            LOGGER.info("SAMLResponse Post Processor invoked");
            httpResponse = response;
            httpRequest = request;
            String pathInfo = httpRequest.getPathInfo();
            if (StringUtils.isNotEmpty(pathInfo) && pathInfo.contains("saml_login")) {
                LOGGER.info("SAMLResponse Post Processor processing ...");
                String responseSAMLMessage = httpRequest.getParameter("saml_login");
                if (StringUtils.isNotEmpty(responseSAMLMessage)) {
                    LOGGER.info("responseSAMLMessage:" + responseSAMLMessage);

 

I am getting multiple entries of the first logger in the logs, but it's not going into the if block on successful saml_login.

1 Accepted Solution

Correct answer by
Employee Advisor

Hi,

 

  1. Regarding the issue you're facing with the SAML response and the postProcess method not entering the if block, there could be a couple of reasons for this behavior:

    a. Make sure that the pathInfo variable contains the correct value by logging or debugging it. It should reflect the path of the request URL.

    b. Please check that the condition pathInfo.contains("saml_login") accurately matches the path you expect for SAML login requests. It's possible that the condition is not evaluating as expected, causing the code block to be skipped.

    c. Kindly confirm that the parameter name used to retrieve the SAML response matches the one provided by the SSO IDP. In your code snippet, you're using "saml_login" as the parameter name. Make sure it matches the actual parameter name used in the SSO redirect.
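
One way to apply checks a to c, as an added example that is not part of the original post or answer: it matches on the request URI rather than getPathInfo(), reads the SAMLResponse form field defined by the SAML 2.0 HTTP POST binding, and logs only the size of the decoded XML. The class name and the /saml_login suffix are assumptions taken from the question; the code needs the Sling auth core, OSGi annotations and SLF4J on the classpath.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.apache.sling.auth.core.spi.AuthenticationInfoPostProcessor;
import org.osgi.service.component.annotations.Component;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Hypothetical class name; registered as an OSGi service like the poster's processor.
@Component(service = AuthenticationInfoPostProcessor.class)
public class SamlResponsePostProcessor implements AuthenticationInfoPostProcessor {
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlResponsePostProcessor.class);
    // Assumption: the IdP posts to a URL ending in /saml_login, as in the question.
    private static final String SAML_LOGIN_SUFFIX = "/saml_login";
    // Form field name defined by the SAML 2.0 HTTP POST binding.
    private static final String SAML_RESPONSE_PARAM = "SAMLResponse";

    @Override
    public void postProcess(AuthenticationInfo info, HttpServletRequest request,
            HttpServletResponse response) throws LoginException {
        // (a) Log what the container actually reports; getPathInfo() may be null.
        LOGGER.debug("method={} uri={} pathInfo={}", request.getMethod(),
                request.getRequestURI(), request.getPathInfo());
        // (b) Match on the request URI, and only for the POST that carries the response.
        String uri = request.getRequestURI();
        if (!"POST".equalsIgnoreCase(request.getMethod())
                || uri == null || !uri.endsWith(SAML_LOGIN_SUFFIX)) {
            return;
        }
        // (c) Read the field by the binding's name, not by the URL suffix.
        String encoded = request.getParameter(SAML_RESPONSE_PARAM);
        if (encoded == null || encoded.isEmpty()) {
            LOGGER.warn("POST to {} carried no {} field", uri, SAML_RESPONSE_PARAM);
            return;
        }
        try {
            // The POST binding base64-encodes the XML; the MIME decoder tolerates line breaks.
            String xml = new String(Base64.getMimeDecoder().decode(encoded), StandardCharsets.UTF_8);
            // Log the size only: the document holds user identifiers and attributes.
            LOGGER.info("SAMLResponse received, {} characters of XML", xml.length());
            // Business logic on the decoded response goes here.
        } catch (IllegalArgumentException e) {
            LOGGER.warn("SAMLResponse field is not valid base64", e);
        }
    }
}
```

This code only decodes the field; it does not verify the response's signature, so any business logic should use values from it only for logins the SAML authentication handler has accepted.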

     
