AEM Saml Integration with federation | Community
Skip to main content
M
mahaboooba18002
Level 2
August 31, 2018

AEM Saml Integration with federation

  • August 31, 2018
  • 1 reply
  • 1252 views

Hi,

We are using AEM out of the box saml integration to implement SSO.

I have created an authentication handler with all the IDP related information. I see "samlAuthRequest" is getting gernerated.

In this request we need to pass 1 extra parameters/attributes as below.

    <samlp:RequestedAuthnContext>

        <saml:AuthnContextDeclRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">newtp/Login/External</saml:AuthnContextDeclRef>

    </samlp:RequestedAuthnContext>

Is it possible to pass these above attributes inside saml:AuthRequest using this OOTB saml authentication.

If it is not possible can you please suggest any alternative.

Thanks In Adavance.

Regards,

Mahaboob Alisha Syed.

https://support.rackspace.com/how-to/generate-a-csr-with-openssl/

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

1 reply

smacdonald2008
smacdonald2008
Level 10
August 31, 2018

Refer to this AEM SAML article based on an AEM community member who successfully got this working.,

Integrating SAML with Adobe Experience Manager

On the front of the artilce is the community member as well who contributed this solution.

M
mahaboooba18002Author
Level 2
September 5, 2018

Hi smacdonald,

Thanks for your reply.

Actually i have gone through this article before and i have done all the required configurations in SAML authentication handler.

My actual problem statement is i want to add saml authentication context declaration reference using OOTB SAML authentication.

Is this possible or i need to write the custom authentication handler to generate this.

For example:

After configuring saml  authentication hadler i am able to generate the saml auth request as below.

I have removed entity Id and destination as this is related to project. I have not included certificate also.

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"

      Destination="https://......" ID="_50bb0cc1-96c8-4439-951d-3186e0e68626"

     IssueInstant="2018-08-29T14:13:01Z"

      ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

      Version="2.0">

      <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">entityId</saml:Issuer>

      <samlp:NameIDPolicy AllowCreate="true"

           Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>

</samlp:AuthnRequest>

I want to include one more attribute called saml authentication context to the above request. depending on this context the IDP will be serving the respective page. So my request should look like this after adding.

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"

     Destination="https://......" ID="_50bb0cc1-96c8-4439-951d-3186e0e68626"

     IssueInstant="2018-08-29T14:13:01Z"

     ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

     Version="2.0">

     <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">entityId</saml:Issuer>

     <samlp:NameIDPolicy AllowCreate="true"

          Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>

    <samlp:RequestedAuthnContext>

             <saml:AuthnContextDeclRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">newtp/Login/External</saml:AuthnContex           tDeclRef>

    </samlp:RequestedAuthnContext>

</samlp:AuthnRequest>

Above bold should be added along with out of the box request.

Regards,

Mahaboob Alisha Syed.

Terms & ConditionsAccessibility statement

Loading footer...