AEM 6.4 SAML integration with SSO

pradeepd1320668
Level 1

23-11-2020

Hello All,

I am integrating AEM with SSO authentication using SAML 2.0.

The ID provider has provided me the details below.

1. Certificate - This I uploaded in the TrustStore, noted the alias name and entered it in the SAML 2.0 authentication handler.

2. IDP endpoint URL - This I added in the SAML 2.0 authentication handler.

3. IDP metadata URL - Not sure where to use this.

I followed the AEM-recommended SAML integration steps and made all the necessary changes in the Apache Sling Referrer Filter. Still, when I open AEM pages, they are not redirected to the SSO login page. I also tried opening the AEM page after clearing the browser history and in Chrome incognito mode.

Do I need to do anything in the KeyStore section for the authentication-service user? I only set the KeyStore password. The ID provider didn't share anything related to the KeyStore.

All this exercise I am doing in my local author instance.

Please share the links/steps if anyone has solved a similar problem.

Thanks,

Pradeep


Accepted Solutions (1)

Sandeep6
Level 4

24-11-2020

Answers (2)

Ankur_Khare
MVP

26-11-2020

Recently I did the SAML integration:

1. You need to get the endpoints and update the same in the SAML config.

2. You need to get the certificate from the team (in our case it was OpenAM).

3. The certificate which you received needs to be uploaded in the truststore; get the unique ID and update the same in the IDP certificate alias.

4. Update the IDP URL.

5. Update the service provider entity ID.

[image: Ankur_Khare_0-1606387794086.png]

Once the above is completed:

Check the Sling auth config where you want to trigger the SAML config:

[image: Ankur_Khare_1-1606388056165.png]

Update the authentication requirements config.

Also update the Sling Referrer Filter to allow your SSO domain:

[image: Ankur_Khare_2-1606388151605.png]

Create the keystore for the authentication-service user.

Then it should work.

Ankur_Khare
MVP

24-11-2020

Hi,

The metadata would be used to create certificates.

And for SAML to work properly you need to update Sling auth with the relevant filters where SAML should be called.