AEM 6.4 SAML integration with SSO | Community
Skip to main content
pradeepd1320668
pradeepd1320668
Level 2
November 24, 2020
Solved

AEM 6.4 SAML integration with SSO

  • November 24, 2020
  • 3 replies
  • 5529 views

Hello All,

 

I am integrating AEM with SSO authentication using SAML 2.0

ID provider has provided me below detail.

1. Certificate - This I uploaded in TrustStore, noted the alias name and mentioned in SAML 2.0 authentication handler

2. IDP endpoint URL - This I added in SAML 2.0 authentication handler

3. IDP metadata URL - Not sure where to use this.

 

After following AEM recommended SAML integration steps/process. And did all necessary changes in apache sling referrer filter. Still when I am opening AEM pages, it is not redirecting to SSO login page. I tried open the AEM page after clearing browser history also in chrome incognito mode.

Do I need to do anything in the KeyStore section for authentication-service user? I just set KeyStore password only. ID provider didn't share anything related to KeyStore.

 

All this exercise I am doing in my local author instance. 

 

Please share the links/steps if anyone have solved similar problem?

 

Thanks,

Pradeep

 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

3 replies

S
Sandeep6Accepted solution
Level 4
November 24, 2020

Hi @pradeepd1320668 ,

Please follow below articles.

https://helpx.adobe.com/experience-manager/using/aem63_saml.html 

https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/saml-2-0-authenticationhandler.html?lang=en#configure-a-logger-for-saml 

Thanks,

Sandeep.

    pradeepd1320668
    pradeepd1320668Author
    Level 2
    November 24, 2020
    As per this article (https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/saml-2-0-authenticationhandler.html#security)we need keystore file and certificate chain files. DO we really need these?
    Ankur_Khare
    Community Advisor
    Ankur_KhareCommunity Advisor
    Community Advisor
    November 24, 2020

    Hi,

    Metadata would be used to create certificates.

    And saml to work properly you need to update sling auth with relevant filters where saml should be called .

      Ankur_Khare
      Community Advisor
      Ankur_KhareCommunity Advisor
      Community Advisor
      November 26, 2020

      Recently i did the saml integration -

       

      1. you need to get the end points and you need to update the same in saml config.

      2. You need to get the certificate from the team(in our case it was open am).

      3. Certificate which you recieved need to be uploaded in truststore and get the unique id, update  the same in idp certificate alias-

      4. update the idp url

      5. update service provider entity id

       

       

       

      Once above is completed-

       

      Check sling auth config where you want to trigger the saml config-

       

       

      Update the authentication requirements config.

       

      Also do update the sling referrer filter to allow your sso domain-

       

       

       

      Create the keystore for authentication service user.

       

      Then it should work.

        pradeepd1320668
        pradeepd1320668Author
        Level 2
        November 26, 2020
        Yes it is working after adding entry to 'sling authentication service'. Only issue is my page is redirecting to same page infinitely.
        Terms & ConditionsAccessibility statement

        Loading footer...