Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
Read More.

Using LDAP for Authorization

Avatar

Former Community Member
9/27/16 12:55:16 PM

We would like to use an external SAML-based mechanism for single-sign-on between AEM and other platforms. From there, we would like to populate that user with authorization information (roles, user type) pulled from another external system.

A few questions:

  1. I know that both authentication and authorization could be done with external LDAP. Could I do authentication via SAML (not LDAP), and then authorization via LDAP?
  2. If so, is there a programmatic way I could do the second part (authorization, meaning group and user type population) with my own custom provider?

Thanks, Gary

Views

2.3K

Replies

6

Total Likes

Translate
Translate
6 Replies

Avatar

Administrator
Administrator
9/28/16 2:34:49 AM

Hi, 

This is not the answer to you question but i would like to share with you one reference article:- https://helpx.adobe.com/experience-manager/kb/saml-demo.html

I hope other experts would help you here.

~kautuk



Kautuk Sahni

Views

2.2K

Replies

5
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Former Community Member
10/11/16 10:23:32 AM
In response to kautuk_sahni

Thanks. It helps with authentication, but doesn't answer my authorization questions.

I see from this document (http://wwwimages.adobe.com/content/dam/Adobe/en/security/pdfs/adobe-aem-managed-services-security.pd...) that custom security integrations are possible. Who can explain to me exactly what that means?

Thanks, Gary

Views

2.2K

Replies

4

Total Likes

Translate
Translate

Avatar

Level 3
Level 3
10/14/16 8:47:24 AM
In response to Deleted Account

write a custom authentication handler by implementing AuthenticationHandler and custom login module by extending AbstractLoginModule.

Authentication handler - get user id from request and set to Credentials

Views

2.2K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Former Community Member
10/14/16 9:41:13 AM
In response to aem_dev1

Can I handle authorization as part of that custom handler?

Thanks, Gary

Views

2.2K

Replies

2

Total Likes

Translate
Translate

Avatar

Former Community Member
10/14/16 11:31:46 AM
In response to smacdonald2008

Thanks. That is specifically for authentication, not authorization.

Can I also create handlers for authorization via the same JAAS mechanism as described here?

http://docs.oracle.com/javase/8/docs/technotes/guides/security/jaas/JAASRefGuide.html#Authorization

Gary

Views

2.2K

Replies

0

Total Likes

Translate
Translate
Related Conversations
Batch Script for Efficient AEM Upgrade: A Developer's Time-Saving Tool

Views

83

Likes

3

Replies

0
While content movement in Language master, live copy relation is not established for some of the pages.

Views

102

Likes

0

Replies

0
Enhance content/asset search in AEM DAM/Azure Storage using FAISS vector database

Views

293

Likes

2

Replies

1
Custom oak:index for content fragment causing issue on query result

Views

193

Likes

0

Replies

4
Netcentric ACL tool same user group for separate environments

Views

177

Likes

0

Replies

2