Expand my Community achievements bar.

Radically easy to access on brand approved content for distribution and omnichannel performant delivery. AEM Assets Content Hub and Dynamic Media with OpenAPI capabilities is now GA.
SOLVED

Token authorization in AEM

Avatar

Level 6

Hi,

 

We have configured our instances with SSO SAML configuration.

Authentication is working fine with SSO Azure Sign in.

But when a third party consumes our pages or ajax calls to fetch some internal data, they are getting 401 Un Authorized,

As a tenant we have created an APP with client id, secret and mentioned scope. With this, third party is able to generate token. But when they use token, they are getting 401. The reason is AEM is accepting only saml response currently. 

Is it something like, we have to configure OAuth as well for third party token authorization ?

 

Or any documentation for Oauth token authorization will be fine

 

Please suggest

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hello @akhilraj 

 

A custom Authentication Handler would be required to achieve this. It would validate the token and signature (with the public cert from the AEM truststore that belongs to the private key the token is signed with)

 

If successful, the user would be logged in and accordingly the response can be created.

 

Another option is to use Adobe IMS JWT and AEM Access Token

https://experience-aem.blogspot.com/2021/07/aem-cloud-service-get-adobe-ims-jwt-and-aem-access-token...


Aanchal Sikka

View solution in original post

3 Replies

Avatar

Correct answer by
Community Advisor

Hello @akhilraj 

 

A custom Authentication Handler would be required to achieve this. It would validate the token and signature (with the public cert from the AEM truststore that belongs to the private key the token is signed with)

 

If successful, the user would be logged in and accordingly the response can be created.

 

Another option is to use Adobe IMS JWT and AEM Access Token

https://experience-aem.blogspot.com/2021/07/aem-cloud-service-get-adobe-ims-jwt-and-aem-access-token...


Aanchal Sikka

Avatar

Level 6

Thanks @aanchal-sikka .

Is there any examples for custom authentication handler creation.?

The cert we installed in AEM trust store for SAML configuration already.

 

And our version of AEM is 6.5, so the second approach will work here ?

 

Avatar

Community Advisor

Please find the references discussed in the thread for custom authentication handler.

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/how-to-create-custom-authe...

 

Hope this is helpful.