Adobe Experience Manager Author Instance integration with Azure AD with SAML 2.0

Question

Hi Team,I have configured my local AEM set up with SAML 2.0 OOTB authentication handler and I am able to authenticate user. While It is coming to Group Assignment, I have created Local AEM group with same name as Azure AD Security Group.But user is not getting assigned to this group though it is getting added to default groups specified in SAMl Authentication handler. Few Configurations:Autocreate CRX Users : TrueAdd to Groups : TrueGroup Membership: http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsNameIdPolicy Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressSynchronized Attributes: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress=profile/email                                       http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname=profile/givenName                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname=profile/familyName  What I am missing here?

rawvarun · Accepted Answer

You can set up a Logger to debug any issues arising from misconfiguring SAML. You can do this by:

Going to the Web Console at http://localhost:4502/system/console/configMgr
Search for and click on the entry called Apache Sling Logging Logger Configuration
Create a logger with the following configuration:
- Log Level: Debug
- Log File: logs/saml.log
- Logger: com.adobe.granite.auth.saml

Shashi_Mulugu · Answer

@aditya3343 groupmembership is the field which should get the group name from assertion response from SAML.. so make sure of that.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded