
AEM 6.3 SAML Integration


Level 1

We are trying to integrate AEM 6.3 with SecureAuth SAML.

We are following the instructions in SAML 2.0 Authentication Handler

When we follow the instructions for the TrustStore Management and load the certificate file, we get an error as seen below.

The file name that we are trying to load from SecureAuth is certificate.wse3.cer.


Also, we'd like to understand what values to put for UserId Attribute and Group Membership in the SAML 2.0 Authentication Handler configuration, as per the instruction in Demonstration of AEM and SAML integration.


Thank you




Employee Advisor

Most likely the certificate is invalid or in an incorrect format.

Check the logs when you are trying to upload the certificate for more details.

User-ID Attribute: Check this with the IDP team on which attribute will contain the user ID as part of SAML response. Then, update that attribute name here.

Group Membership: Check this with the IDP team on which attribute will contain the list of CRX groups this user should be added to as part of SAML response. Then, update that attribute name here.


Level 2

Hi Smacdonald,

I followed the instructions and tried to make it work for http://localhost:4502, but it doesn't work. It's weird that it works for 4503 (Publish Instance) but not 4502 (Author Instance). Any idea?

Another issue: when I was using the certificate provided by Integrating SAML with Adobe Experience Manager for 4503, it was OK, but when I was using the certificate downloaded from my SSOCircle account (Download the SSOCircle CA Certificate), I got "Invalid SAML Token". Any idea?

Thanks for the help.

Best Regards,



Level 5

Hello kevinh6115

I am checking to see if this is still an issue.

If yes, then please let me know in what sense is it not working for the author server? It's possible that in addition to the SAML configuration, your Sling Authentication Service needs some reconfiguration to make it work.

And regarding the Invalid SAML Token for the SSOCircle, it's likely that the error is related to the encoding of the certificate. To solve it, basically the certificate needs to be trimmed to enter a new line every 65th column. If you look at the certificate in Shared Files - , you'll see that a newline is introduced every 65th line.

I hope this helps.

Best Regards,

Aneet Arora
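
The certificate format problems discussed in this thread, as an added example that is not part of any post or of Adobe's documentation: a Python script that accepts a `.cer` in binary DER, PEM or single-line Base64, re-wraps it as PEM with 64-character lines (so each newline falls at the 65th column), and returns a SHA-256 fingerprint to compare with the IdP's copy. The function names and `SAMPLE_DER` are hypothetical, and the sample bytes are constructed filler, not a real certificate.

```python
import base64
import binascii
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed placeholder: a 4-byte ASN.1 SEQUENCE header plus 256 filler
# bytes. It is NOT a real certificate; only the encoding layer is exercised.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))


def to_der(raw: bytes) -> bytes:
    """Accept binary DER, PEM, or bare Base64 and return the DER bytes."""
    if raw[:1] == b"\x30":  # ASN.1 SEQUENCE tag: file is already binary DER
        return raw
    match = PEM_RE.search(raw)
    # Strip CR/LF, spaces and tabs so any wrapping or line ending is accepted.
    body = re.sub(rb"\s+", b"", match.group(1) if match else raw)
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not DER, PEM or Base64: {exc}") from exc
    if der[:1] != b"\x30":
        raise ValueError("decoded data is not an ASN.1 SEQUENCE")
    return der


def to_pem(der: bytes, width: int = 64) -> str:
    """Re-wrap as PEM with fixed-width Base64 lines and LF line endings."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----"]) + "\n"


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 of the DER bytes, to compare with the IdP's."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(raw: bytes, width: int = 64) -> tuple:
    """Return (normalized PEM text, SHA-256 fingerprint) for any input form."""
    der = to_der(raw)
    return to_pem(der, width), sha256_fingerprint(der)
```

The fingerprint is computed over the decoded DER bytes, so it stays the same however the file was wrapped; if it differs from the value the IdP reports, the problem is the certificate itself rather than its line breaks.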