AEM SAML Configuration in code repository
pankajrohira
Level 2
February 26, 2018
Solved


I configured AEM SAML integration on the author instance and it works just fine. Now it was time to put the config in the code repository. So:

1. I put that config in the code repository (at /apps/<project-folder>/config.author.dev/com.adobe.granite.auth.saml.SamlAuthenticationHandler-myproject.xml).

2. Deleted the manually created SAML configuration in the Felix Console.

3. Performed a build.

4. I see the SAML config added by code.

5. I hit the Author URL and it doesn't take me to the IDP login page.

6. I go to Felix, open the SAML config, and click Save (without touching anything else).

7. I hit the Author URL again and now it takes me to the IDP login page.

Any reason?

Thanks in advance!!

Best answer by pankajrohira

Hi Kunal,

The jcr:data structure, I meant if you are directly adding this file in CRXDE temporarily for testing. But in order to add this file into code base, you can create it as a "regular" file.

1. Name the file as: "com.adobe.granite.auth.saml.SamlAuthenticationHandler-<Project_Identifier>.config" (Make sure it is a regular file in Eclipse or IntelliJ); no need to add extension ".xml" at the end.

2. Inside this file, just add the configuration like a regular text. Please see below:

# Configuration created by Apache Sling JCR Installer
keyStorePassword="keystorepass"
service.ranking=I"5002"
idpHttpRedirect=B"false"
createUser=B"true"
defaultRedirectUrl="/content/project/en/aem-assets.html"
userIDAttribute="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
assertionConsumerServiceURL=""
defaultGroups=["contributors"]
signatureMethod="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
idpCertAlias="certalias___xxxxxxxxxxxx"
addGroupMemberships=B"true"
path=["/content/projects"]
digestMethod="http://www.w3.org/2001/04/xmlenc#sha256"
synchronizeAttributes=""
clockTolerance=I"60"
groupMembershipAttribute="groupMembership"
idpUrl="IDP URL GOES HERE"
logoutUrl="logouturl"
serviceProviderEntityId="service_provider_entity_id"
handleLogout=B"true"
spPrivateKeyAlias=""
useEncryption=B"false"
nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

You can also copy the content of the file from CRXDE, after you manually save the OSGi config through /system/console/configMgr.

Please see the attached screenshot. You can clearly see the difference between a regular file and a sling:osgiConfig file (com.day.cq.commons.impl.ExternalizerImpl.xml).

Thanks.
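A pre-commit check for the file described in the answer above, as an added example that is not part of the original thread or of Adobe's code: it parses the typed `.config` syntax and flags the file name and the settings worth reviewing before the SAML handler config lands in version control. The function names, the constructed sample, and the rule that a `{hex}` value was already encrypted with AEM Crypto Support are assumptions.

```python
import re

PID = "com.adobe.granite.auth.saml.SamlAuthenticationHandler"
# Constructed sample: a subset of the properties shown in the answer above.
SAMPLE = '''# Configuration created by Apache Sling JCR Installer
keyStorePassword="keystorepass"
service.ranking=I"5002"
useEncryption=B"false"
path=["/content/projects"]
signatureMethod="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
'''

def _scalar(token):
    """Decode I"5002" to int and B"true" to bool; anything else stays a string."""
    m = re.fullmatch(r'([A-Za-z])?"(.*)"', token.strip())
    if not m:
        raise ValueError(f"unsupported value: {token!r}")
    kind, raw = m.groups()
    if kind == "I":
        return int(raw)
    return raw == "true" if kind == "B" else raw

def parse_config(text):
    """Parse key=value lines; escaped quotes inside values are not handled."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        items = re.findall(r'[A-Za-z]?"[^"]*"', value)
        is_array = value.lstrip().startswith("[")  # e.g. path=["/content/projects"]
        props[key.strip()] = [_scalar(t) for t in items] if is_array else _scalar(value)
    return props

def review(filename, props):
    """Return findings for a SAML handler config about to be committed."""
    findings = []
    if not re.fullmatch(re.escape(PID) + r"-[\w.-]+\.config", filename):
        findings.append("file name is not <PID>-<identifier>.config")
    pw = props.get("keyStorePassword", "")
    # Assumption: a {hex} value was already encrypted with AEM Crypto Support.
    if pw and not re.fullmatch(r"\{[0-9a-fA-F]+\}", pw):
        findings.append("keyStorePassword is committed in plain text")
    for key in ("signatureMethod", "digestMethod"):
        if str(props.get(key, "")).lower().endswith("sha1"):
            findings.append(f"{key} uses SHA-1")
    if props.get("useEncryption") is False:
        findings.append("useEncryption is false: assertions are not encrypted")
    return findings
```

Calling `review(name, parse_config(text))` on each SAML handler file in the `config.*` run-mode folders returns an empty list when nothing needs attention.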

11 replies

kunalm
Level 2
August 20, 2019

Hi Pankaj,

Thanks for the detailed reply. I was able to register the config from code using the method you described above. You can mark your response as the correct answer.

Thanks,

Kunal