AEM SAML Integration

Level 1

We are currently working on an AEM (6.1) based application which needs end users to authenticate using an AUSKey, basically a SAML-based authentication mechanism.

AUSKey is an authentication system used by several Australian departments. We are trying to integrate the AEM publish instance with their test environment.

We are facing the following couple of issues:

1. AUSKey requires the SP to send the <samlp:Extensions></samlp:Extensions> attribute filled with details of the Department/Agency for which the authentication is being requested. The OOTB SAML authentication handler does not seem to support this. Is there any other way of configuring this within AEM? A sample extension section would look like the one below:

    <vanp:VANguardRequest AgencyName="SA Office of Small Business"
                          SupportURL="http://example.gov.au/Portal/support.aspx"
                          ValidationScenario="Login">
      <vanp:DeclarationText>First Line of Declaration.%0d%0aSecond Line of Declaration.%0d%0a</vanp:DeclarationText>
      <vanp:AgencyNameText Line1="Department of Examples" Line2="Australian Government" />
      <vanp:AgencyText></vanp:AgencyText>
      <vanp:ValidationConditions>
        <vanp:ValidationMethod>Any</vanp:ValidationMethod>
        <vanp:CredentialStatusCheck>AcceptStale</vanp:CredentialStatusCheck>
        <vanp:AuthenticationPolicy>
          <vanp:CredentialPolicy>
            <vanp:CredentialType Name="ABR_User" />
            <vanp:CredentialType Name=" Verisign_User" />
          </vanp:CredentialPolicy>
        </vanp:AuthenticationPolicy>
        <vanp:ClaimsRequested>
          <vanp:Claim Mandatory="true" Name="http://vanguard.ebusiness.gov.au/2008/06/identity/claims/commonname" />
        </vanp:ClaimsRequested>
      </vanp:ValidationConditions>
    </vanp:VANguardRequest>

2. We have configured the public certificate and the private key as explained in the various documentation/forums. But when the authentication request is sent from AEM, the request seems to be missing the public key within the KeyInfo tag. We see that the data is getting encrypted within the request but the key is not getting attached. Any pointers in this regard would help as well.

 

Thanks,

Robin Goyal
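
A diagnostic for the two issues raised in the question above, added here as an example (it is not part of the original thread and is not Adobe's or AUSKey's code): given an AuthnRequest captured from the SP, it reports whether `samlp:Extensions` is present and sits where the SAML 2.0 protocol schema allows it (after `saml:Issuer` and `ds:Signature`, before any other child), and whether the XML signature carries a certificate in `KeyInfo`. The `vanp` namespace URI, the issuer URL and the sample request are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample request. The vanp namespace URI is a placeholder (assumption);
# the real one comes from the identity provider's documentation.
SAMPLE = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
    'xmlns:vanp="urn:example:vanp-placeholder" '
    'ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    '<saml:Issuer>https://sp.example/</saml:Issuer>'
    '<ds:Signature><ds:SignedInfo/><ds:SignatureValue/></ds:Signature>'
    '<samlp:Extensions><vanp:VANguardRequest ValidationScenario="Login"/>'
    '</samlp:Extensions>'
    '<samlp:NameIDPolicy AllowCreate="true"/>'
    '</samlp:AuthnRequest>'
).encode()

def decode_redirect(saml_request):
    """Undo the HTTP-Redirect encoding: base64, then raw DEFLATE (no zlib header)."""
    return zlib.decompress(base64.b64decode(saml_request), -15)

def inspect_authn_request(xml_bytes):
    """Report on Extensions placement and KeyInfo content of a request you captured."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not a samlp:AuthnRequest")
    tags = [child.tag for child in root]
    ext = root.find("samlp:Extensions", NS)
    x509 = root.find("ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    report = {"extensions_present": ext is not None,
              "extensions_in_schema_order": False,
              "extension_children": [],
              "signed": root.find("ds:Signature", NS) is not None,
              "keyinfo_has_x509": x509 is not None}
    if ext is not None:
        # Only Issuer and Signature may precede Extensions in RequestAbstractType.
        before = set(tags[:tags.index(ext.tag)])
        allowed = {"{%s}Issuer" % NS["saml"], "{%s}Signature" % NS["ds"]}
        report["extensions_in_schema_order"] = before <= allowed
        report["extension_children"] = [child.tag for child in ext]
    return report
```

With the HTTP-Redirect binding the signature travels in the `Signature` and `SigAlg` query parameters rather than inside the XML, so `signed` being false for a request decoded with `decode_redirect` is expected there.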

2 Replies

Level 10

I am checking with internal Adobe people.

Level 1

Thanks. Please let me know as soon as you get any info on this. This is pretty urgent at our end.

Thanks again for your help.