SOLVED

Adobe Experience Manager Author Instance integration with Azure AD with SAML 2.0


Hi Team,

I have configured my local AEM setup with the SAML 2.0 OOTB authentication handler and I am able to authenticate users.

When it comes to group assignment, I have created a local AEM group with the same name as the Azure AD security group.

But the user is not getting assigned to this group, though it is getting added to the default groups specified in the SAML authentication handler.

 

A few configurations:

  • Autocreate CRX Users: True
  • Add to Groups: True
  • Group Membership: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups
  • NameIdPolicy Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  • Synchronized Attributes:
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress=profile/email
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname=profile/givenName
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname...

What am I missing here?

1 Accepted Solution


Correct answer by
Community Advisor

You can set up a logger to debug any issues arising from misconfiguring SAML. You can do this by:

  1. Go to the Web Console at http://localhost:4502/system/console/configMgr

  2. Search for and click on the entry called Apache Sling Logging Logger Configuration

  3. Create a logger with the following configuration:

    • Log Level: Debug
    • Log File: logs/saml.log
    • Logger: com.adobe.granite.auth.saml


2 Replies


Community Advisor

@Aditya3343 groupmembership is the field which should get the group name from the assertion response from SAML, so make sure of that.
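To see concretely what the Group Membership field in the question's configuration has to find in the assertion, here is an added Python example (not from this thread and not Adobe's handler code). It pulls every value of the configured group attribute out of a constructed, unsigned sample assertion and compares them with a hypothetical set of local AEM group IDs. It assumes the handler matches each attribute value exactly against the authorizable ID of an existing local group; the GUID check is a heuristic, flagging values that look like Azure AD group object IDs rather than group names.

```python
"""Diagnostic: which groups in a SAML assertion would map onto local AEM groups?

Added example, not Adobe code. Assumption: the AEM SAML handler adds the user to
a local group only when a value of the configured "Group Membership" attribute
equals that group's authorizable ID.
"""
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute name from the question's "Group Membership" setting.
GROUP_ATTR = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed sample assertion (unsigned; only the AttributeStatement matters here).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example" Version="2.0">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>jane@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
      <saml:AttributeValue>aem-authors</saml:AttributeValue>
      <saml:AttributeValue>3f2a9c1e-7b44-4d1e-9a6e-0c5d8e2f1a11</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Heuristic (assumption): a GUID-shaped value is a directory object ID, not a group name.
GUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)


def attribute_values(assertion_xml, attr_name):
    """Return every AttributeValue text of the Attribute whose Name equals attr_name."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == attr_name:
            for v in attr.findall("saml:AttributeValue", NS):
                values.append((v.text or "").strip())
    return values


def map_groups(assertion_xml, local_groups, attr_name=GROUP_ATTR):
    """Split the group attribute values into ones that match a local group and ones that do not."""
    values = attribute_values(assertion_xml, attr_name)
    report = {"attribute_present": bool(values), "matched": [], "unmatched": []}
    for v in values:
        (report["matched"] if v in local_groups else report["unmatched"]).append(v)
    # Unmatched values that look like object IDs point at the IdP emitting IDs instead of names.
    report["looks_like_object_id"] = [v for v in report["unmatched"] if GUID_RE.match(v)]
    return report


if __name__ == "__main__":
    # Hypothetical local AEM group IDs for the demonstration.
    local = {"aem-authors", "administrators"}
    result = map_groups(SAMPLE_ASSERTION, local)
    if not result["attribute_present"]:
        print("no attribute named", GROUP_ATTR, "in the assertion: check the Group Membership setting")
    print("would be added to:", result["matched"])
    print("no local group with this ID:", result["unmatched"])
    print("look like object IDs, not names:", result["looks_like_object_id"])
```

Run it against a decoded assertion captured during a login (after the handler has validated the signature; this script does no signature checking and is only for inspecting attribute content). An empty `attribute_present` means the attribute name in the Group Membership field does not match what the IdP sends; a value listed under `looks_like_object_id` means the IdP is sending a group identifier that no local group name will ever equal.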
