SOLVED

AEM Integration with Microsoft Active Directory for SSO

adithyaa4585051
Level 2

Hello All,

 

We are trying to implement SSO with Microsoft AD. Can you please help with the documentation links or implementation process?

 

Thanks,

Adithya.

1 Accepted Solution
bilal_ahmad
Correct answer by
Level 5

Hi @adithyaa4585051 ,

SAML authentication would do, I believe. After you configure your AEM (trust store and keystore) and the "Adobe Granite SAML 2.0 Authentication Handler" in the config browser, it'd be done more easily than you ever thought.

Reference: SAML 2.0 Authentication Handler

In addition to that, you need the certificate chain for your domain and the private key (your IT/web-hosting dept will provide that).

Thanks,

Bilal.


6 Replies
adithyaa4585051
Level 2

Thanks for your kind help. I am trying to implement this in AEM 6.5 and I see another issue.

 

I am trying to implement SAML in AEM 6.5 by referencing this document: https://helpx.adobe.com/experience-manager/using/aem63_saml.html

 

In AEM 6.5, I don't see a trust store option under a user. When I tried to do the same in AEM 6.3, I am able to see it. Can you please help me here?

 

I saw the AEM 6.5 administration document, but it is pointing to the AEM 6.3 SAML implementation, which I am referencing as above. Please let me know if I need to reference any other documentation.

 

PFA below for both the images. [Images: 6.3 pic.PNG, 6.5 pic.PNG]

 

Thanks,
Adithya.

 

 

bilal_ahmad
Level 5

Hi @adithyaa4585051,

Yes, the official documentation is confusing. However, for testing purposes, you may follow Integrating SAML with Adobe Experience Manager to:

1. Set up the identity provider.

2. Download the IDP certificate from here:

[Screenshot: sso-circle.PNG]

3. After that, create a password (and make a note of it; you'll need it to configure the SAML 2 Auth Handler later on) for the Global Trust Store (located here: /libs/granite/security/content/truststore.html).

4. Upload the certificate that you downloaded (step 2) here, and map it with the 'authentication-service' user [not there in my screenshot]:
[Screenshot: trust-store-upload-cert.PNG]

It will then generate an alias name (note it down somewhere):
[Screenshot: trust-store-upload-cert.PNG]

5. Make an entry at Allow Hosts (Apache Sling Referrer Filter):
[Screenshot: sling-referrer.PNG]

6. Configure 'Adobe Granite SAML 2.0 Authentication Handler' - https://helpx.adobe.com/experience-manager/using/aem63_saml.html#ConfiguretheSAML20AuthenticationHan...

7. Configure a logger (optional) - https://helpx.adobe.com/experience-manager/using/aem63_saml.html#ConfigureaLoggerforSAML

8. Define CUG permissions for your root page (I've added them here: http://localhost:4502/sites.html/content/we-retail/us):
[Screenshot: cug.PNG]

 

That's it! Now try accessing the page (http://localhost:4502/sites.html/content/we-retail/us) in incognito (I'm assuming you'd have saved the username and password in your browser).

 

Hope that helps.

 

Thanks,

Bilal.