Highlighted

AEM Saml Integration with federation

mahaboooba18002

31-08-2018

Hi,

We are using AEM out of the box saml integration to implement SSO.

I have created an authentication handler with all the IDP related information. I see "samlAuthRequest" is getting gernerated.

In this request we need to pass 1 extra parameters/attributes as below.

    <samlp:RequestedAuthnContext>

        <saml:AuthnContextDeclRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">newtp/Login/External</saml:AuthnContextDeclRef>

    </samlp:RequestedAuthnContext>

Is it possible to pass these above attributes inside saml:AuthRequest using this OOTB saml authentication.

If it is not possible can you please suggest any alternative.

Thanks In Adavance.

Regards,

Mahaboob Alisha Syed.

https://support.rackspace.com/how-to/generate-a-csr-with-openssl/

Replies

Highlighted

smacdonald2008

31-08-2018

Refer to this AEM SAML article based on an AEM community member who successfully got this working.,

Integrating SAML with Adobe Experience Manager

On the front of the artilce is the community member as well who contributed this solution.

Highlighted

mahaboooba18002

04-09-2018

Hi smacdonald,

Thanks for your reply.

Actually i have gone through this article before and i have done all the required configurations in SAML authentication handler.

My actual problem statement is i want to add saml authentication context declaration reference using OOTB SAML authentication.

Is this possible or i need to write the custom authentication handler to generate this.

For example:

After configuring saml  authentication hadler i am able to generate the saml auth request as below.

I have removed entity Id and destination as this is related to project. I have not included certificate also.

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"

      Destination="https://......" ID="_50bb0cc1-96c8-4439-951d-3186e0e68626"

     IssueInstant="2018-08-29T14:13:01Z"

      ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

      Version="2.0">

      <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">entityId</saml:Issuer>

      <samlp:NameIDPolicy AllowCreate="true"

           Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>

</samlp:AuthnRequest>

I want to include one more attribute called saml authentication context to the above request. depending on this context the IDP will be serving the respective page. So my request should look like this after adding.

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"

     Destination="https://......" ID="_50bb0cc1-96c8-4439-951d-3186e0e68626"

     IssueInstant="2018-08-29T14:13:01Z"

     ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

     Version="2.0">

     <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">entityId</saml:Issuer>

     <samlp:NameIDPolicy AllowCreate="true"

          Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>

    <samlp:RequestedAuthnContext>

             <saml:AuthnContextDeclRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">newtp/Login/External</saml:AuthnContex           tDeclRef>

    </samlp:RequestedAuthnContext>

</samlp:AuthnRequest>

Above bold should be added along with out of the box request.

Regards,

Mahaboob Alisha Syed.