Token authorization in AEM

Question

Hi,
 
We have configured our instances with SSO SAML configuration.
Authentication is working fine with SSO Azure Sign in.
But when a third party consumes our pages or ajax calls to fetch some internal data, they are getting 401 Un Authorized,
As a tenant we have created an APP with client id, secret and mentioned scope. With this, third party is able to generate token. But when they use token, they are getting 401. The reason is AEM is accepting only saml response currently. 
Is it something like, we have to configure OAuth as well for third party token authorization ?
 
Or any documentation for Oauth token authorization will be fine
 
Please suggest

aanchal-sikka · Accepted Answer

Hello @akhilraj

A custom Authentication Handler would be required to achieve this. It would validate the token and signature (with the public cert from the AEM truststore that belongs to the private key the token is signed with)

If successful, the user would be logged in and accordingly the response can be created.

Another option is to use Adobe IMS JWT and AEM Access Token

https://experience-aem.blogspot.com/2021/07/aem-cloud-service-get-adobe-ims-jwt-and-aem-access-token-using-post-man-aem-sso.html

Mani_kumar_ · Answer

Please find the references discussed in the thread for custom authentication handler.

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/how-to-create-custom-authentication-handler/m-p/238421

Hope this is helpful.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded