We are trying to leverage the SAML Authentication Handler for SSO in our application. In the Adobe Granite SAML 2.0 Authentication Handler configuration, Autocreate CRX Users is checked. After successful authentication, the user gets created in CRX; along with that, we can find a property samlResponse on the user node which contains the encrypted SAML response.
Is there any way we can avoid storing the SAML response in CRX, as we are not authorized to store user personal information like email, phone, etc.?
I believe this is working as designed. In case you would like to make it more secure, you can turn on the encryption and have the encrypted response saved in AEM so that it can only be decoded using the private key.
Any references on a custom AuthenticationInfoPostProcessor where I can get the SAML response from the request and read it to get details in AEM 6.4, instead of decrypting the samlResponse property from the user node after successful login?