AEM SSO - SAML 2.0 Authentication - Azure AD

srikrishnank190
Level 1

19-08-2020

We have recently enabled SSO SAML 2.0 authentication with Microsoft Azure AD. We were able to successfully integrate AEM with Azure AD. Every time we hit the AEM URL, it takes us to the SSO provider, and upon successful authentication, it takes us to start.html of AEM. Also, users are created with the synchronized attributes specified in the configuration.

 

However, we can't log in as admin or other AEM users, since the legacy AEM login page is replaced with the SSO login page. We tried modifying the path variable in the SAML OSGi config, but no luck; we had to revert the OSGi configuration.

 

Please let us know if there is any other way to achieve SSO with restricted paths and also log in as admin/other AEM users (we tried directly accessing crx/de or system/console, but it still redirects to the SSO login page).

 

Followed Adobe recommended article(s). 

https://docs.adobe.com/content/help/en/experience-manager-65/administering/security/saml-2-0-authent...

https://helpx.adobe.com/experience-manager/kb/simple-saml-demo.html

Accepted Solutions (1)

Albin_Issac
MVP

19-08-2020

The URL /libs/granite/core/content/login.html should already be excluded from authentication (enabled for anonymous access) through the "Apache Sling Authentication Service".

[Screenshot: Apache-sling-authentication-service.png]

Please verify, and exclude it if it is not excluded already.

Now the AEM login page can be invoked through - http://localhost:4502/libs/granite/core/content/login.html

Regards

Albin I

www.albinsblog.com
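
An added example (not part of the original thread and not Adobe's or Sling's code): a simplified Python model of how an authentication-requirements list, such as the one in the "Apache Sling Authentication Service" configuration, decides whether a path needs a login, so you can check that only the login page is exempt once SAML is enabled. The entries in `SAMPLE_REQUIREMENTS`, the function names, and the `+`/`-` prefix and longest-match rules are assumptions of this model; compare against the values configured on your own instance.

```python
# Constructed sample of authentication requirement entries (not taken from the page).
SAMPLE_REQUIREMENTS = [
    "+/",                                 # require authentication everywhere ...
    "-/libs/granite/core/content/login",  # ... except the AEM login page
]


def parse_requirement(entry):
    """Split an entry into (path, requires_auth).

    Assumed convention: a leading '-' allows anonymous access,
    a leading '+' (or no prefix) requires authentication.
    """
    entry = entry.strip()
    if entry and entry[0] in "+-":
        return entry[1:], entry[0] == "+"
    return entry, True


def covers(rule_path, request_path):
    """True if the rule applies: same path, or a prefix ending at '/' or '.'."""
    if rule_path in ("/", request_path):
        return True
    if not rule_path or not request_path.startswith(rule_path):
        return False
    return request_path[len(rule_path)] in "/."


def requires_auth(requirements, request_path, default=True):
    """Apply the longest matching rule; fall back to `default` if none match."""
    rules = sorted(
        (parse_requirement(e) for e in requirements if e.strip()),
        key=lambda rule: len(rule[0]),
        reverse=True,
    )
    for rule_path, needs_auth in rules:
        if covers(rule_path, request_path):
            return needs_auth
    return default


def anonymous_paths(requirements, paths):
    """Return the subset of `paths` reachable without authentication."""
    return [p for p in paths if not requires_auth(requirements, p)]


if __name__ == "__main__":
    checked = ["/libs/granite/core/content/login.html", "/crx/de", "/system/console"]
    print(anonymous_paths(SAMPLE_REQUIREMENTS, checked))
```

Any path other than the login page appearing in the output is an exemption to review before relying on SSO for access control.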

 

Answers (0)