Your achievements

0% to

Tip / to gain points, level up, and earn exciting badges like the new

Adobe Experience Manager Sites & More

July 31st AEM Gems Webinar: Elevate your AEM development to master the integration of private GitHub repositories within AEM Cloud Manager.

Register Now

SOLVED

aem 6.5 sp13 SAML with azure AD, user is created with random string in user principal

Hello,
I am following this blog post
https://blog.developer.adobe.com/saml-authentication-in-aem-using-microsoft-azure-active-directory-3...
and also microsoft official documentation
https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/adobe-identity-management-tutorial

to integrate azure ad with author 6.5 sp 13 saml auth.

Authentication works but the user is always created with principalname with a random string

I tried to configure aem saml User ID attribute with emailaddress , uid, nameid but no luck
in azure saml token claims I see

<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
<AttributeValue>Andrea</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
<AttributeValue>Mysurname</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
<AttributeValue>mymail@example.com</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
<AttributeValue>mymail@example.com</AttributeValue>
</Attribute>

any suggestion on how to configure Userid attribute or Synchronized attributes
for example mapping claims to user properties like:

surname->familyName

givenname->givenName

Thanks

690

2

1 Accepted Solution

Correct answer by

Hi @AndreaB69 , can you try below and let us know if it works

userIDAttribute="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
synchronizeAttributes="[http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\=profile/givenName,http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\=profile/surName,http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\=profile/email,http://schemas.microsoft.com/ws/2008/06/identity/claims/groups\=profile/groups]"

Thanks,

Srikanth Pogula

View solution in original post

681

1

Jump to reply

2 Replies

Correct answer by

Hi @AndreaB69 , can you try below and let us know if it works

userIDAttribute="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
synchronizeAttributes="[http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\=profile/givenName,http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\=profile/surName,http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\=profile/email,http://schemas.microsoft.com/ws/2008/06/identity/claims/groups\=profile/groups]"

Thanks,

Srikanth Pogula

682

1

Jump to reply

Thanks
it did work
this are the current sync attributes I have
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress=profile/email
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname=profile/givenName
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname=profile/familyName

675

0

Related Conversations

How to update/migrate content from lower to higher enviromnemt in AEM as a CS?

117

0

5

Aem Asset API authentication

57

0

1

Can we persist GraphQL query in AEM passed to backend external server. (Non content Fragment Queries)?

81

0

1

AEM integration with Azure isn't working for group

114

0

4

Want to understand why MSSQL and MySQL is still Experimental Configuration in the docs

67

0

1