Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Using AEM with Okta (with increased session duration)

Avatar

Level 2
Level 2
‎09-08-2018 00:04 PDT

Hello,

We want to integrate AEM with Okta.

However Okta has a short session time that we don't want to change, and we have a requirement for AEM to have a longer session time.

Therefore after authentication with Okta, we somehow need AEM to create its own session that will be valid for x days.

For the purposes of this explanation, Lets assume x=10 days.

After logging in, If the user returns to AEM within those 10 days, then they wouldn't have to login again, and the session would be extended for a further 10 days.

If however the 10 days expires, we would expect the user to have to re-authenticate via Okta.

Please note we have multiple publisher instances, so any solution would need to work irrespective of what publisher instance the user was processed on.

Any ideas?

Thanks

Views

4.1K

Replies

4

Total Likes

Translate
Translate
4 Replies

Avatar

Level 10
Level 10
‎09-08-2018 06:18 PDT

Have you read in AEM docs this is a supported use case?

Views

3.7K

Replies

2

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
‎09-08-2018 06:23 PDT
In response to smacdonald2008

Not specifically

I know Okta is a supported IDM, although my requirement needs to tailor the standard use case of Okta to essentially extend the AEM session (Perhaps by custom auth handlers?)

Looking advice

Thanks

Views

3.7K

Replies

1

Total Likes

Translate
Translate

Avatar

Level 3
Level 3
‎09-08-2018 06:56 PDT

As far as I know once the user is authenticated with the IdP via the SAML request, in AEM you still get a token created and associated with the crx session. Every subsequent request is authenticated via the CRX Token Authentication Handler first before going to the SSO Handler unless you changed the JAAS rankings.

So you should be able to set the AEM session timeout via the Token Configuration and this can be different from Okta.

Since you mentioned this authentication happens on publish instances and you have multiple ones, you should look at configuring the encapsulated token support or sticky sessions in your load balancer.

I hope this helps!

Views

3.7K

Replies

0

Total Likes

Translate
Translate