I am looking for an approach on how to design CQ integration using SSO with below options.
<<This is specifically for CQ 5.4/5.5 as 5.6 provides SAML integration OOB>>
1. LDAP with SSO in harmony - User getting created in CRX once LDAP authenticates it. This can use OOB LDAP Module
2. Using SAML - with external Identity Provider to authenticate user. This requires custom LoginModule. (Integration using Open Source or SiteMinder or
providers like Gigya or Cloud-based IdentityProvider)
Also, is it possible to use LDAP LoginModule(OOB) and Custom JAAS LoginModule on single repository.xml? Do we foresee any issues?
Appreciate any inputs or experience with similar implementation
As you can use multiple modules within single repository. Ex:- The module settings at  This module tries to authenticate a user based on the users stored in CRX. If user is not authenticated it uses next module LDAPLoginModule. If all module could not authenticate then request fails. More details go through below links.