Adobe Experience Manager Sites & More

ravir73578276 · 4/26/23

I am using SAML authentication in AEM which creates user in AEM. I have written a SamlResponsePostProcessor in which I am obtaining the userid and token of the user using AuthenticationInfo object. These details (userid & token) I am sending it to a separate application. The separate application then needs to makes HTTP call to AEM Servlet APIs by passing this token . Before sending the response I need to validate the authenticity and if the token is expired or not programatically.

How we can validate the token authenticity programatically in AEM 6.5 ?

Anmol_Bhardwaj · 4/26/23

Hi @ravir73578276 ,

You can use SlingAuthenticator.
The Sling Authentication Service provides a method called login(HttpServletRequest request) which can be used to validate the authenticity of the user token.

Reference:

https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html
https://github.com/apache/sling-org-apache-sling-auth-core/blob/master/src/main/java/org/apache/slin...

View solution in original post

Anmol_Bhardwaj · 4/26/23

Hi @ravir73578276 ,

You can use SlingAuthenticator.
The Sling Authentication Service provides a method called login(HttpServletRequest request) which can be used to validate the authenticity of the user token.

Reference:

https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html
https://github.com/apache/sling-org-apache-sling-auth-core/blob/master/src/main/java/org/apache/slin...

Pawan-Gupta · 4/26/23

hello,

if you refer https://kbwebconsult.com/authentication-handler-in-aem-custom-approach/ and look at method obtainUserId(token) which returns the userid can be used as to cross verify if the token still valid and verify against userid.

Adobe Experience Manager Sites & More

Validate login-token programatically

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe