AEM SAML Integration with federation

mahaboooba18002

31-08-2018

Hi,

We are using AEM out of the box saml integration to implement SSO.

I have created an authentication handler with all the IDP-related information. I see that the "samlAuthRequest" is getting generated.

In this request we need to pass one extra parameter/attribute, as below.

    <samlp:RequestedAuthnContext>
        <saml:AuthnContextDeclRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">newtp/Login/External</saml:AuthnContextDeclRef>
    </samlp:RequestedAuthnContext>

Is it possible to pass the above attributes inside the saml:AuthnRequest using this OOTB SAML authentication?

If it is not possible, can you please suggest an alternative?

Thanks in advance.

Regards,

Mahaboob Alisha Syed.


Replies

smacdonald2008

31-08-2018

Refer to this AEM SAML article, based on an AEM community member who successfully got this working:

Integrating SAML with Adobe Experience Manager

The community member who contributed this solution is also credited at the front of the article.

mahaboooba18002

04-09-2018

Hi smacdonald,

Thanks for your reply.

Actually, I have gone through this article before and I have done all the required configuration in the SAML authentication handler.

My actual problem statement is that I want to add a SAML authentication context declaration reference using the OOTB SAML authentication.

Is this possible, or do I need to write a custom authentication handler to generate this?

For example:

After configuring the SAML authentication handler I am able to generate the SAML auth request as below.

I have removed the entity ID and destination as these are project-related. I have also not included the certificate.

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    Destination="https://......" ID="_50bb0cc1-96c8-4439-951d-3186e0e68626"
    IssueInstant="2018-08-29T14:13:01Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">entityId</saml:Issuer>
  <samlp:NameIDPolicy AllowCreate="true"
      Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

I want to include one more attribute, called SAML authentication context, in the above request. Depending on this context the IDP will serve the respective page. So my request should look like this after adding it:

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    Destination="https://......" ID="_50bb0cc1-96c8-4439-951d-3186e0e68626"
    IssueInstant="2018-08-29T14:13:01Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">entityId</saml:Issuer>
  <samlp:NameIDPolicy AllowCreate="true"
      Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
  <samlp:RequestedAuthnContext>
    <saml:AuthnContextDeclRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">newtp/Login/External</saml:AuthnContextDeclRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

The samlp:RequestedAuthnContext block above should be added along with the out of the box request.

Regards,

Mahaboob Alisha Syed.
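The element both posts above are asking for is samlp:RequestedAuthnContext. The Python below is an added example for this thread, not code from the original posts and not part of AEM's SAML authentication handler. It builds an AuthnRequest of the same shape as the one posted, with an optional RequestedAuthnContext/AuthnContextDeclRef appended, encodes it for the HTTP-POST and HTTP-Redirect bindings, and shows the SP-side check that has to go with it: RequestedAuthnContext is only a request, so whoever consumes the response must confirm that the returned assertion's AuthnStatement actually carries the requested context (and that InResponseTo matches the request ID) rather than assuming the IdP honoured it. The destination URL, the IdP entity ID and the two sample responses are constructed for the example; the responses are unsigned, and the check assumes the assertion's XML signature has already been verified by the real SP.

```python
import base64
import uuid
import zlib
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
NAMEID_TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)


def build_authn_request(issuer, destination, decl_ref=None, comparison="exact",
                        request_id=None, issue_instant=None):
    """Build a samlp:AuthnRequest like the one in the thread and, when decl_ref
    is given, append samlp:RequestedAuthnContext/saml:AuthnContextDeclRef.
    Comparison defaults to "exact", which is also the SAML 2.0 default."""
    instant = issue_instant or datetime.now(timezone.utc)
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id or "_" + str(uuid.uuid4()),
        "Version": "2.0",
        "IssueInstant": instant.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": destination,
        "ProtocolBinding": HTTP_POST,
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = issuer
    ET.SubElement(req, f"{{{SAMLP}}}NameIDPolicy",
                  {"AllowCreate": "true", "Format": NAMEID_TRANSIENT})
    if decl_ref:
        rac = ET.SubElement(req, f"{{{SAMLP}}}RequestedAuthnContext",
                            {"Comparison": comparison})
        ET.SubElement(rac, f"{{{SAML}}}AuthnContextDeclRef").text = decl_ref
    return ET.tostring(req, encoding="unicode")


def encode_for_post(xml):
    """SAMLRequest form field for the HTTP-POST binding: plain base64 of the XML."""
    return base64.b64encode(xml.encode()).decode()


def encode_for_redirect(xml):
    """SAMLRequest query value for the HTTP-Redirect binding: raw DEFLATE, then
    base64 (URL-encoding is left to the caller; a real SP also signs the query)."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = raw deflate, no zlib header
    return base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()


def decode_redirect(value):
    """Inverse of encode_for_redirect, as an IdP would apply it."""
    return zlib.decompress(base64.b64decode(value), -15).decode()


def authn_context_decl_refs(response_xml):
    """All AuthnContextDeclRef values stated by AuthnStatements in the response."""
    root = ET.fromstring(response_xml)
    path = f".//{{{SAML}}}AuthnStatement/{{{SAML}}}AuthnContext/{{{SAML}}}AuthnContextDeclRef"
    return [el.text for el in root.findall(path)]


def response_satisfies_request(response_xml, requested_decl_ref, request_id=None):
    """SP-side check to run after the assertion signature has been verified.
    RequestedAuthnContext is only a hint: an IdP may ignore it, so the SP must
    confirm the assertion really states the requested context (exact match) and,
    when request_id is given, that the response answers our request."""
    root = ET.fromstring(response_xml)
    if request_id is not None and root.get("InResponseTo") != request_id:
        return False
    refs = authn_context_decl_refs(response_xml)
    return bool(refs) and all(ref == requested_decl_ref for ref in refs)


# Constructed, unsigned sample responses (not real IdP output) for the check above.
_RESPONSE_TEMPLATE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0" '
    'IssueInstant="2018-08-29T14:13:05Z" InResponseTo="_50bb0cc1-96c8-4439-951d-3186e0e68626">'
    '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2018-08-29T14:13:05Z">'
    '<saml:Issuer>https://idp.example.com</saml:Issuer>'
    '<saml:AuthnStatement AuthnInstant="2018-08-29T14:13:04Z">'
    '<saml:AuthnContext>{ctx}</saml:AuthnContext>'
    '</saml:AuthnStatement></saml:Assertion></samlp:Response>'
)
# IdP honoured the request: the assertion carries the requested DeclRef.
RESPONSE_HONOURED = _RESPONSE_TEMPLATE.format(
    ctx='<saml:AuthnContextDeclRef>newtp/Login/External</saml:AuthnContextDeclRef>')
# IdP ignored it and authenticated with a generic password context instead.
RESPONSE_IGNORED = _RESPONSE_TEMPLATE.format(
    ctx='<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:'
        'PasswordProtectedTransport</saml:AuthnContextClassRef>')

if __name__ == "__main__":
    xml = build_authn_request("entityId", "https://idp.example.com/sso",
                              decl_ref="newtp/Login/External")
    print(xml)
    print(response_satisfies_request(RESPONSE_HONOURED, "newtp/Login/External"))
    print(response_satisfies_request(RESPONSE_IGNORED, "newtp/Login/External"))
```

The request side is the easy half; the point of the second half is that sending RequestedAuthnContext changes nothing about what the IdP is allowed to return. If the IdP falls back to its default login and the SP does not compare the assertion's AuthnContext against what was requested, a user who never saw the "External" login page is still let in.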