Using LDAP for Authorization

We would like to use an external SAML-based mechanism for single-sign-on between AEM and other platforms. From there, we would like to populate that user with authorization information (roles, user type) pulled from another external system.

A few questions:

  1. I know that both authentication and authorization could be done with external LDAP. Could I do authentication via SAML (not LDAP), and then authorization via LDAP?
  2. If so, is there a programmatic way I could do the second part (authorization, meaning group and user type population) with my own custom provider?

Thanks, Gary

3 Replies

Administrator

Hi, 

This is not the answer to your question, but I would like to share with you one reference article: https://helpx.adobe.com/experience-manager/kb/saml-demo.html

I hope other experts would help you here.

~kautuk

Thanks. It helps with authentication, but doesn't answer my authorization questions.

I see from this document (http://wwwimages.adobe.com/content/dam/Adobe/en/security/pdfs/adobe-aem-managed-services-security.pd...) that custom security integrations are possible. Who can explain to me exactly what that means?

Thanks, Gary

Level 3

Write a custom authentication handler by implementing AuthenticationHandler and a custom login module by extending AbstractLoginModule.

Authentication handler - get user id from request and set to Credentials
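
The authentication-handler half of the approach in the last reply, as an added example that is not part of the original thread or Adobe's code: a Sling `AuthenticationHandler` that hands a custom `Credentials` object to the repository login, where a login module extending `AbstractLoginModule` could accept it and populate groups. The package, class names, auth type and request attribute are hypothetical, and the sketch assumes the SAML assertion has already been validated server-side before this handler runs. It compiles against the Sling auth core, JCR and OSGi annotation APIs in an AEM project.

```java
package com.example.aem.auth; // hypothetical package name
import java.io.IOException;
import javax.jcr.Credentials;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.osgi.service.component.annotations.Component;

@Component(service = AuthenticationHandler.class, property = {
        AuthenticationHandler.PATH_PROPERTY + "=/",
        AuthenticationHandler.TYPE_PROPERTY + "=" + SsoAuthenticationHandler.AUTH_TYPE })
public class SsoAuthenticationHandler implements AuthenticationHandler {

    static final String AUTH_TYPE = "EXAMPLE_SSO";                  // hypothetical
    static final String VERIFIED_USER_ATTR = "example.sso.userId";  // hypothetical

    /** Credentials type that the custom login module would declare as supported. */
    public static final class SsoCredentials implements Credentials {
        private static final long serialVersionUID = 1L;
        private final String userId;
        SsoCredentials(String userId) { this.userId = userId; }
        public String getUserId() { return userId; }
    }

    @Override
    public AuthenticationInfo extractCredentials(HttpServletRequest request, HttpServletResponse response) {
        // Read only a server-side attribute set after assertion validation,
        // never a header or parameter that the client can send directly.
        Object verified = request.getAttribute(VERIFIED_USER_ATTR);
        if (!(verified instanceof String) || ((String) verified).trim().isEmpty()) {
            return null; // not handled here: let other handlers try
        }
        String userId = ((String) verified).trim();
        AuthenticationInfo info = new AuthenticationInfo(AUTH_TYPE, userId);
        // Key defined by Sling as JcrResourceConstants.AUTHENTICATION_INFO_CREDENTIALS
        info.put("user.jcr.credentials", new SsoCredentials(userId));
        return info;
    }

    @Override
    public boolean requestCredentials(HttpServletRequest request, HttpServletResponse response) throws IOException {
        return false; // the SSO front end owns the login redirect
    }

    @Override
    public void dropCredentials(HttpServletRequest request, HttpServletResponse response) throws IOException {
        // nothing is stored by this handler, so there is nothing to drop
    }
}
```

Because the login module accepts `SsoCredentials` without a password, the handler is the trust boundary: the user id must come only from the validated assertion.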