Hi Team,
I have configured my local AEM setup with the SAML 2.0 OOTB authentication handler and I am able to authenticate the user.
When it comes to group assignment, I have created a local AEM group with the same name as the Azure AD security group.
But the user is not getting assigned to this group, though it is getting added to the default groups specified in the SAML authentication handler.
Few Configurations:
Autocreate CRX Users : True
Add to Groups : True
Group Membership: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups
NameIdPolicy Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Synchronized Attributes: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress=profile/email
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname=profile/givenName
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname...
What am I missing here?
@Aditya3343 groupmembership is the field which should get the group name from the assertion response from SAML, so make sure of that.
You can set up a Logger to debug any issues arising from misconfiguring SAML. You can do this by:
Going to the Web Console at http://localhost:4502/system/console/configMgr
Search for and click on the entry called Apache Sling Logging Logger Configuration
Create a logger with the following configuration:
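An added example, not part of the thread and not AEM code: a Python check that decodes a captured SAMLResponse, lists the values the IdP actually sends under the Group Membership attribute configured above, and compares them with the local group names. The sample response, its GUID-style values and the group name `content-authors` are constructed for illustration; the script does no signature validation and is only a diagnostic for a response you captured from your own login.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute name taken from the "Group Membership" setting in the question.
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

def group_values(saml_response_b64, claim=GROUPS_CLAIM):
    """Return the AttributeValue strings sent under `claim` in a base64 SAMLResponse."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    values = []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") == claim:
            values += [(v.text or "").strip()
                       for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
    return values

def compare_groups(saml_response_b64, local_groups):
    """Split the asserted group values into those matching a local group and the rest."""
    asserted = group_values(saml_response_b64)
    local = set(local_groups)
    return {
        "claim_present": bool(asserted),
        "matched": [g for g in asserted if g in local],
        "unmatched": [g for g in asserted if g not in local],
    }

# Constructed sample response (unsigned, trimmed to the attribute statement).
# The group values are GUID-style IDs rather than display names (an assumption
# made for this sample; check what your own IdP sends).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Assertion><saml:AttributeStatement>
  <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
   <saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
   <saml:AttributeValue>aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
   <saml:AttributeValue>Test</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    # "content-authors" is a hypothetical local group named after the IdP display name.
    print(compare_groups(SAMPLE_B64, ["content-authors"]))
```

An empty `matched` list with a non-empty `unmatched` list means the claim is arriving but its values do not equal any local group name, which is the condition the reply above asks you to verify.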