
Using AEM with Okta (with increased session duration)


Level 2


We want to integrate AEM with Okta.

However, Okta has a short session time that we don't want to change, and we have a requirement for AEM to have a longer session time.

Therefore, after authentication with Okta, we somehow need AEM to create its own session that will be valid for x days.

For the purposes of this explanation, let's assume x=10 days.

After logging in, if the user returns to AEM within those 10 days, then they wouldn't have to log in again, and the session would be extended for a further 10 days.

If, however, the 10 days expire, we would expect the user to have to re-authenticate via Okta.

Please note we have multiple publisher instances, so any solution would need to work irrespective of what publisher instance the user was processed on.

Any ideas?


4 Replies


Level 2

Not specifically

I know Okta is a supported IDM, although my requirement needs to tailor the standard use case of Okta to essentially extend the AEM session (perhaps by custom auth handlers?)

Looking for advice



Level 3

As far as I know, once the user is authenticated with the IdP via the SAML request, in AEM you still get a token created and associated with the CRX session. Every subsequent request is authenticated via the CRX Token Authentication Handler first before going to the SSO Handler, unless you changed the JAAS rankings.

So you should be able to set the AEM session timeout via the Token Configuration and this can be different from Okta.

Since you mentioned this authentication happens on publish instances and you have multiple ones, you should look at configuring the encapsulated token support or sticky sessions in your load balancer.

I hope this helps!
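The two settings the reply above points to, written out as an added example that is not part of the original thread. It assumes OSGi configurations deployed as `.cfg.json` files on each publisher; the `//` lines only mark which file each object belongs to, the 10-day value comes from the question, and the PIDs and property names should be confirmed in the OSGi console of your AEM version.

```json
// File: org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl.cfg.json
// tokenExpiration is in milliseconds: 10 days = 10 * 24 * 3600 * 1000 = 864000000.
// tokenRefresh lets an active user's token be extended instead of expiring at a fixed time.
{
  "tokenExpiration": 864000000,
  "tokenRefresh": true
}

// File: com.day.crx.security.token.impl.impl.TokenAuthenticationHandler.cfg.json
// Encapsulated tokens let any publisher validate the login cookie without a
// token node in its own repository, so no sticky sessions are needed.
{
  "token.encapsulated.enabled": true
}
```

With encapsulated tokens every publisher verifies the cookie cryptographically, so all publishers must share the same HMAC key, and that key should be treated as a credential because anyone holding it can mint valid login tokens. A 10-day token also means a stolen cookie stays usable for up to 10 days, so pair the longer lifetime with HTTPS-only delivery and a working logout path.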