
AEM Saml Integration with federation

Level 1

Hi,

We are using the AEM out-of-the-box SAML integration to implement SSO.

I have created an authentication handler with all the IdP-related information. I see that the "samlAuthRequest" is getting generated.

In this request we need to pass one extra parameter/attribute, as below.

    <samlp:RequestedAuthnContext>
        <saml:AuthnContextDeclRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">newtp/Login/External</saml:AuthnContextDeclRef>
    </samlp:RequestedAuthnContext>

Is it possible to pass the above attributes inside the SAML AuthnRequest using this OOTB SAML authentication?

If it is not possible, can you please suggest an alternative?

Thanks in advance.

Regards,

Mahaboob Alisha Syed.

https://support.rackspace.com/how-to/generate-a-csr-with-openssl/

2 Replies

Level 10

Refer to this AEM SAML article, based on the work of an AEM community member who successfully got this working.

Integrating SAML with Adobe Experience Manager

The community member who contributed this solution is also credited at the front of the article.

Level 1

Hi smacdonald,

Thanks for your reply.

Actually, I have gone through this article before, and I have done all the required configuration in the SAML authentication handler.

My actual problem statement is that I want to add a SAML authentication context declaration reference using the OOTB SAML authentication.

Is this possible, or do I need to write a custom authentication handler to generate this?

For example:

After configuring the SAML authentication handler, I am able to generate the SAML AuthnRequest as below.

I have removed the entity ID and destination as these are project-related. I have not included the certificate either.

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
      Destination="https://......" ID="_50bb0cc1-96c8-4439-951d-3186e0e68626"
      IssueInstant="2018-08-29T14:13:01Z"
      ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Version="2.0">
      <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">entityId</saml:Issuer>
      <samlp:NameIDPolicy AllowCreate="true"
           Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

I want to include one more attribute, called SAML authentication context, in the above request. Depending on this context, the IdP will serve the respective page. So my request should look like this after adding it.

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
      Destination="https://......" ID="_50bb0cc1-96c8-4439-951d-3186e0e68626"
      IssueInstant="2018-08-29T14:13:01Z"
      ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Version="2.0">
      <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">entityId</saml:Issuer>
      <samlp:NameIDPolicy AllowCreate="true"
           Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
      <samlp:RequestedAuthnContext>
           <saml:AuthnContextDeclRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">newtp/Login/External</saml:AuthnContextDeclRef>
      </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

The highlighted part above (the RequestedAuthnContext element) should be added along with the out-of-the-box request.

Regards,

Mahaboob Alisha Syed.
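As an added example (not code from this thread, from Adobe, or from AEM's SAML authentication handler, and without any claim about whether the OOTB handler can be configured to emit this element), the Python below shows the two things a practitioner wants to get right when adding RequestedAuthnContext: the element must go where the SAML 2.0 Core schema places it in an AuthnRequest (after NameIDPolicy and Conditions, before Scoping), and the SP must then check that the assertion that comes back actually carries the requested context, otherwise the IdP (or anyone who can tamper with an unsigned exchange) can silently downgrade the login. The Destination, Issuer and Response contents are constructed placeholders; "newtp/Login/External" is the value from the post. If AEM is configured to sign the request, the element has to be added before signing, since editing a signed request invalidates its signature.

```python
# Added example, not code from the thread, from Adobe or from AEM's SAML
# handler: build the AuthnRequest the poster wants and check the IdP's answer.
# Standard library only; for XML from an untrusted IdP prefer defusedxml.
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# Children that the SAML 2.0 Core schema orders before RequestedAuthnContext
# in an AuthnRequest; only Scoping may follow it. Wrong order fails schema
# validation on strict IdPs.
PRECEDING = {"Issuer", "Signature", "Extensions", "Subject", "NameIDPolicy", "Conditions"}
COMPARISONS = {"exact", "minimum", "maximum", "better"}

# Constructed sample: the out-of-the-box request shown in the thread, with a
# placeholder Destination and Issuer because the poster elided the real ones.
OOTB_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    Destination="https://idp.example/sso" ID="_50bb0cc1-96c8-4439-951d-3186e0e68626"
    IssueInstant="2018-08-29T14:13:01Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://sp.example</saml:Issuer>
  <samlp:NameIDPolicy AllowCreate="true"
      Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>"""


def local_name(tag):
    return tag.rsplit("}", 1)[-1]


def add_requested_authn_context(request_xml, decl_ref, comparison="exact"):
    """Return the AuthnRequest with RequestedAuthnContext/AuthnContextDeclRef
    inserted at the schema-correct position. Run this BEFORE signing the
    request: editing a signed request invalidates its signature."""
    if comparison not in COMPARISONS:
        raise ValueError("Comparison must be one of %s" % sorted(COMPARISONS))
    root = ET.fromstring(request_xml)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not a samlp:AuthnRequest")
    # Replace an existing RequestedAuthnContext instead of emitting two.
    for old in root.findall("samlp:RequestedAuthnContext", NS):
        root.remove(old)
    rac = ET.Element("{%s}RequestedAuthnContext" % SAMLP, {"Comparison": comparison})
    ET.SubElement(rac, "{%s}AuthnContextDeclRef" % SAML).text = decl_ref
    # Insert after the last child that the schema orders before us.
    index = 0
    for i, child in enumerate(root):
        if local_name(child.tag) in PRECEDING:
            index = i + 1
    root.insert(index, rac)
    return ET.tostring(root, encoding="unicode")


def child_order(request_xml):
    """Local names of the request's direct children, in document order."""
    return [local_name(c.tag) for c in ET.fromstring(request_xml)]


def requested_decl_ref(request_xml):
    el = ET.fromstring(request_xml).find(
        "samlp:RequestedAuthnContext/saml:AuthnContextDeclRef", NS)
    return None if el is None else (el.text or "").strip()


def response_satisfies_request(response_xml, decl_ref):
    """SP-side check, to run only AFTER the Response/Assertion signature has
    been verified: every AuthnStatement must carry the requested DeclRef.
    This is the Comparison="exact" rule; minimum/better need an ordered policy."""
    statements = ET.fromstring(response_xml).findall(".//saml:AuthnStatement", NS)
    if not statements:
        return False
    for st in statements:
        el = st.find("saml:AuthnContext/saml:AuthnContextDeclRef", NS)
        if el is None or (el.text or "").strip() != decl_ref:
            return False
    return True


def sample_response(decl_ref):
    """Constructed, unsigned Response with one AuthnStatement (real ones are
    signed and must be verified before response_satisfies_request runs)."""
    template = (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1" Version="2.0" '
        'IssueInstant="2018-08-29T14:13:05Z">'
        '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2018-08-29T14:13:05Z">'
        '<saml:Issuer>https://idp.example</saml:Issuer>'
        '<saml:AuthnStatement AuthnInstant="2018-08-29T14:13:05Z"><saml:AuthnContext>'
        '<saml:AuthnContextDeclRef>%s</saml:AuthnContextDeclRef>'
        '</saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response>'
    )
    return template % (SAMLP, SAML, decl_ref)


if __name__ == "__main__":
    req = add_requested_authn_context(OOTB_REQUEST, "newtp/Login/External")
    print(req)
    ok = response_satisfies_request(sample_response("newtp/Login/External"), "newtp/Login/External")
    print("assertion carries requested context:", ok)
```

The insertion index is computed from the schema order rather than appended at the end, so a request that already carries a Scoping element still serializes in the order the IdP's schema validator expects. The response check deliberately refuses a Response with no AuthnStatement and one whose DeclRef differs, which is the downgrade case the SP cares about; it says nothing about signatures, which must be verified by the SAML stack before this check is meaningful.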