since 24-11-2020
10 hours ago
ankitg2807
Level 1
Re: Role based authorization after SAML Authentication
ankitg2807
- Adobe Experience Manager
Hi, Thanks for pointing this out. As I mentioned earlier, I don't have fixed groups which I can preset in AEM. Groups keep getting created & deleted in Active Directory. The filter I have written works fine for ".html" but was allowing access to page json as you mentioned, so I changed the filter to run on ".json" also and that prevents access to page json also. Is this approach fine? Will the filter cause any performance issue since it will evaluate all html & json requests? Thanks!

Views: 104, Likes: 0, Replies: 0

Re: Role based authorization after SAML Authentication
ankitg2807
- Adobe Experience Manager
Thanks for your comments. I have written Servlet filter code in which I am able to get page properties, including security groups. But before that I need to check if the page is secured or not. I am not able to get "cq:authenticationRequired" or "jcr:mixinTypes" in filter code. These are set when we check the 'Enable Authentication' checkbox in Advanced page properties. In CRX DE, I don't see "cq:authenticationRequired" in jcr:content node properties, I do see "jcr:mixinTypes" as property of page n...

Views: 137, Likes: 0, Replies: 0

Re: Role based authorization after SAML Authentication
ankitg2807
- Adobe Experience Manager
Thanks for your response. Actually the groups are not fixed. New groups keep getting created for different campaigns, so I need to build it in a way so that I can assign any group to a page and during login Okta will tell me whether the user is part of that group. Following the filter approach suggested by sanketk90166544

Views: 121, Likes: 0, Replies: 0

Role based authorization after SAML Authentication
ankitg2807
- Adobe Experience Manager
Hi, I have a requirement to add role based authorization for some secure pages. I want to set a property for pages called "Security Groups". This property will contain group names which shall have access to that page. I have configured SAML authn handler with Okta IDP. After login, when SAML response is submitted to AEM ACS url, viz - /content/****/saml_login, I want to read the "Security Groups" from page property and groups of logged-in user from SAML response, and if there is a match betwee...

Views: 260, Likes: 0, Replies: 9

SAML authentication does not redirect to original page
ankitg2807
- Adobe Experience Manager
Hi, We have configured SAML Authn handler in our AEM 6.5. We have a public page (ex - /content/test/mypage.html) which has a link to login page, ex - /content/test/login.html. Login page URL is configured in SAML Authentication handler & Sling Authentication Service. On click of login link, we redirect to http://localhost:4503/content/test/login.html?saml_request_path=http://localhost:4503/content/test/mypage.html. This takes us to Okta IDP login page and Okta then submits SAML response to ACS...

Views: 138, Likes: 0, Replies: 1