SOLVED

Validate login-token programmatically


I am using SAML authentication in AEM, which creates the user in AEM. I have written a SamlResponsePostProcessor in which I obtain the userid and token of the user using the AuthenticationInfo object. I send these details (userid and token) to a separate application. The separate application then needs to make an HTTP call to AEM Servlet APIs by passing this token. Before sending the response, I need to programmatically validate the authenticity and whether the token is expired or not.

How can we validate the token authenticity programmatically in AEM 6.5?

1 Accepted Solution

Correct answer by
Community Advisor

Hi @ravir73578276 ,

You can use SlingAuthenticator.
The Sling Authentication Service provides a method called login(HttpServletRequest request) which can be used to validate the authenticity of the user token.

Reference: 

https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html 
https://github.com/apache/sling-org-apache-sling-auth-core/blob/master/src/main/java/org/apache/slin... 

2 Replies

Hello,

If you refer to https://kbwebconsult.com/authentication-handler-in-aem-custom-approach/ and look at the method obtainUserId(token), which returns the userid, it can be used to cross-verify whether the token is still valid and to verify it against the userid.