Using LDAP for Authorization

Former Community Member

We would like to use an external SAML-based mechanism for single-sign-on between AEM and other platforms. From there, we would like to populate that user with authorization information (roles, user type) pulled from another external system.

A few questions:

  1. I know that both authentication and authorization could be done with external LDAP. Could I do authentication via SAML (not LDAP), and then authorization via LDAP?
  2. If so, is there a programmatic way I could do the second part (authorization, meaning group and user type population) with my own custom provider?

Thanks, Gary

6 Replies

Administrator

Hi, 

This is not the answer to your question, but I would like to share one reference article with you: https://helpx.adobe.com/experience-manager/kb/saml-demo.html

I hope other experts would help you here.

~kautuk



Kautuk Sahni

Former Community Member

Thanks. It helps with authentication, but doesn't answer my authorization questions.

I see from this document (http://wwwimages.adobe.com/content/dam/Adobe/en/security/pdfs/adobe-aem-managed-services-security.pd...) that custom security integrations are possible. Who can explain to me exactly what that means?

Thanks, Gary

Level 3

Write a custom authentication handler by implementing AuthenticationHandler, and a custom login module by extending AbstractLoginModule.

Authentication handler - get the user ID from the request and set it on the Credentials

Former Community Member

Can I handle authorization as part of that custom handler?

Thanks, Gary

Former Community Member

Thanks. That is specifically for authentication, not authorization.

Can I also create handlers for authorization via the same JAAS mechanism as described here?

http://docs.oracle.com/javase/8/docs/technotes/guides/security/jaas/JAASRefGuide.html#Authorization

Gary