SOLVED

Adobe Experience Manager Author Instance integration with Azure AD with SAML 2.0

Level 1

Hi Team,

I have configured my local AEM setup with the SAML 2.0 OOTB authentication handler and I am able to authenticate users.

When it comes to group assignment, I have created a local AEM group with the same name as the Azure AD security group.

But the user is not getting assigned to this group, though it is getting added to the default groups specified in the SAML authentication handler.

Few Configurations:

Autocreate CRX Users : True

Add to Groups : True

Group Membership: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups

NameIdPolicy Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

Synchronized Attributes:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress=profile/email

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname=profile/givenName

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname...


What am I missing here?

1 Accepted Solution

Correct answer by
Level 7

You can set up a logger to debug any issues arising from misconfiguring SAML. You can do this by:

  1. Going to the Web Console at http://localhost:4502/system/console/configMgr

  2. Searching for and clicking on the entry called Apache Sling Logging Logger Configuration

  3. Creating a logger with the following configuration:

    • Log Level: Debug
    • Log File: logs/saml.log
    • Logger: com.adobe.granite.auth.saml
2 Replies

Community Advisor

@Aditya3343 groupmembership is the field which should get the group name from the assertion response from SAML, so make sure of that.
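
As an added example (not code from this thread, from AEM or from Azure AD), a small Python script that reads a decoded SAML assertion, such as one captured in logs/saml.log at DEBUG level, and reports which values of the attribute named in the Group Membership field match the local AEM group names. The assertion, its group values and the local group list are constructed; a value that is present but does not match a group name exactly is the usual reason the user is not added.

```python
# Added example, not from the thread: compare the group-membership
# attribute values in a decoded SAML assertion with local AEM group names.
# Assumes the assertion is already base64-decoded and supplied as XML text.
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute name configured in the AEM SAML handler's "Group Membership" field.
GROUP_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed sample assertion; issuer, e-mail and group values are made up.
SAMPLE_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_1" IssueInstant="2023-01-01T00:00:00Z" Version="2.0">
  <saml2:Issuer>https://sts.windows.net/example-tenant-id/</saml2:Issuer>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml2:AttributeValue>alice@example.com</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
      <saml2:AttributeValue>aem-authors</saml2:AttributeValue>
      <saml2:AttributeValue>00000000-0000-0000-0000-000000000001</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""

def attributes(assertion_xml):
    """Return {attribute name: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    result = {}
    for attr in root.iterfind(".//saml2:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml2:AttributeValue", NS)]
        result[attr.get("Name")] = values
    return result

def check_group_mapping(assertion_xml, group_claim, local_groups):
    """Report whether the group attribute is present, and which of its values
    match a local group name exactly (AEM can only add the user to those)."""
    attrs = attributes(assertion_xml)
    values = attrs.get(group_claim, [])
    local = set(local_groups)
    return {
        "attribute_present": group_claim in attrs,
        "matched": [v for v in values if v in local],
        "unmatched": [v for v in values if v not in local],
    }

if __name__ == "__main__":
    print(check_group_mapping(SAMPLE_ASSERTION, GROUP_CLAIM, ["aem-authors", "contributors"]))
```

An unmatched value that looks like an object ID rather than a group name points at what the IdP is emitting, not at the AEM group configuration.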
