
AEM SSO - SAML 2.0 Authentication - Azure AD

We have recently enabled SSO SAML 2.0 authentication with Microsoft Azure AD. We were successfully able to integrate AEM with Azure AD. Every time we hit the AEM URL, it takes us to the SSO provider, and upon successful authentication, it takes us to start.html of AEM. Also, users are created with synchronized attributes specified in the configuration.

However, we can't log in as admin or other AEM users, since the legacy AEM login page is replaced with the SSO login page. We tried modifying the path variable in the SAML OSGi config, but no luck; we had to revert the OSGi configuration.

Please let us know if there is any other way to achieve SSO with restricted paths and also with login as admin/other AEM users (we tried directly accessing crx/de or system/console; it still redirects to the SSO login page).

Followed Adobe recommended article(s).

https://docs.adobe.com/content/help/en/experience-manager-65/administering/security/saml-2-0-authent...

https://helpx.adobe.com/experience-manager/kb/simple-saml-demo.html

1 Accepted Solution

The URL /libs/granite/core/content/login.html should already be excluded from authentication (enabled for anonymous access) through "Apache Sling Authentication Service".

[Screenshot: Apache Sling Authentication Service configuration]

Please verify, and exclude it if it is not excluded already.

Now the AEM login page can be invoked through http://localhost:4502/libs/granite/core/content/login.html

Regards

Albin I

www.albinsblog.com
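
The exclusion described in the answer above can be checked offline against an exported requirements list. This is an added example, not part of the original post or Adobe's code: it is a simplified model of the prefix matching Sling applies to the "Authentication Requirements" entries (`sling.auth.requirements`, where `-` allows anonymous access and `+` or no prefix requires login), and the sample list and function names are constructed for illustration.

```python
# Simplified model (assumption): the longest matching requirement entry wins,
# and an entry covers a request path if the path equals it or continues with
# "/" or "." (so ".../login" also covers ".../login.html").

def parse_requirements(entries):
    """Turn ["+/", "-/libs/..."] into (path, requires_auth) pairs, longest first."""
    rules = []
    for entry in entries:
        entry = entry.strip()
        if not entry:
            continue
        if entry[0] in "+-":
            requires_auth, path = entry[0] == "+", entry[1:]
        else:
            requires_auth, path = True, entry  # no prefix means login required
        rules.append((path, requires_auth))
    return sorted(rules, key=lambda rule: len(rule[0]), reverse=True)

def _covers(rule_path, request_path):
    if rule_path == "/" or request_path == rule_path:
        return True
    return (request_path.startswith(rule_path)
            and request_path[len(rule_path)] in "/.")

def requires_login(request_path, entries, anonymous_default=False):
    """True if the path would be sent to an authentication handler (here: SAML)."""
    for rule_path, requires_auth in parse_requirements(entries):
        if _covers(rule_path, request_path):
            return requires_auth
    return not anonymous_default

# Constructed sample: everything protected, local login page exempted.
SAMPLE_REQUIREMENTS = ["+/", "-/libs/granite/core/content/login"]

def audit(paths, entries):
    """Map each path to whether it requires login under the given entries."""
    return {path: requires_login(path, entries) for path in paths}

if __name__ == "__main__":
    checked = ["/libs/granite/core/content/login.html",
               "/crx/de/index.jsp", "/aem/start.html"]
    for path, needed in audit(checked, SAMPLE_REQUIREMENTS).items():
        print(f"{path}: {'login required' if needed else 'anonymous allowed'}")
```

If the login page reports "login required" for your exported list, the `-` entry is missing and requests for the local login form will be redirected to the identity provider.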

 
