
SOLVED

AEM6.5 SAML metadata


Level 4

The IdP needs SAML metadata (SP); does anybody know what this is? And where can I find it?

1 Accepted Solution


Correct answer by
Level 5

Hi @Johann_Lu 

SAML metadata is used to share configuration information between the Identity Provider (IdP), for example Azure AD, and the Service Provider (SP), for example your application (AEM, for that matter). Metadata for the IdP and the SP is defined in XML files.


The IdP metadata XML file contains the IdP certificate, the entity ID, the redirect URL (after successful authentication), the logout URL etc. The SP metadata XML file contains the SP certificate, the entity ID, the Assertion Consumer Service URL (ACS URL) etc. Metadata also contains the hierarchical information about user/group storage, e.g. organization ID, user group name etc., and this metadata can be used to sync the users/groups after successful authentication (some of the attributes used in AEM configurations for SSO: Configuring LDAP with AEM 6 | Adobe Experience Manager).


Based on the IdP and SP being used for your SAML SSO, the respective systems provide wizards/tools to generate metadata XMLs for SAML configuration, e.g. steps for Azure AD: Configure a SAML 2.0 provider for portals with Azure AD - Power Apps | Microsoft Learn


Hope this helps.

It is also possible with external tools: SAML Identity Provider (IdP) XML Metadata Builder | SAMLTool.com
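To make the answer concrete, here is an added Python example (not code from AEM, Adobe or the answer's author) that builds a minimal SP metadata file of the kind the IdP admin is asking for, then reads back the fields listed above (entity ID, certificate, ACS URL for the SP; entity ID, certificate, SSO and logout URLs for the IdP) and flags what an IdP admin would send back. All hostnames, entity IDs and certificate strings are constructed placeholders; the `/saml_login` path is assumed to be the ACS path configured in AEM's SAML authentication handler.

```python
"""Build an SP metadata file and inspect any SAML 2.0 metadata (SP or IdP).

Added example for this thread, not code from AEM or Adobe. Entity IDs, URLs and
certificate strings are constructed placeholders, not real values.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SAML_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
SAML_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)


def q(prefix, tag):
    """Clark-notation tag name ({namespace}tag) for ElementTree."""
    return "{%s}%s" % (NS[prefix], tag)


def build_sp_metadata(entity_id, acs_url, signing_cert_b64):
    """Return SP metadata XML: entity ID, signing cert and ACS URL of the SP."""
    root = ET.Element(q("md", "EntityDescriptor"), {"entityID": entity_id})
    sp = ET.SubElement(root, q("md", "SPSSODescriptor"), {
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol",
        "AuthnRequestsSigned": "true",
        "WantAssertionsSigned": "true",
    })
    # Public signing cert of the SP; the IdP uses it to verify signed AuthnRequests.
    key = ET.SubElement(sp, q("md", "KeyDescriptor"), {"use": "signing"})
    x509 = ET.SubElement(ET.SubElement(key, q("ds", "KeyInfo")), q("ds", "X509Data"))
    ET.SubElement(x509, q("ds", "X509Certificate")).text = signing_cert_b64
    ET.SubElement(sp, q("md", "NameIDFormat")).text = NAMEID_UNSPECIFIED
    # The ACS URL is where the IdP posts the SAML response back to the SP.
    ET.SubElement(sp, q("md", "AssertionConsumerService"), {
        "Binding": SAML_POST, "Location": acs_url, "index": "0", "isDefault": "true",
    })
    return ET.tostring(root, encoding="unicode")


def summarize_metadata(xml_text):
    """Pull the fields the answer lists out of SP or IdP metadata."""
    root = ET.fromstring(xml_text)
    if root.tag != q("md", "EntityDescriptor"):
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    sp = root.find("md:SPSSODescriptor", NS)
    role = idp if idp is not None else sp
    if role is None:
        raise ValueError("no IDPSSODescriptor or SPSSODescriptor")

    def endpoints(tag):
        # Map binding URN -> Location; IdPs usually publish several bindings.
        return {e.get("Binding"): e.get("Location") for e in role.findall("md:" + tag, NS)}

    return {
        "role": "IdP" if idp is not None else "SP",
        "entity_id": root.get("entityID"),
        "certs": ["".join((c.text or "").split()) for c in role.findall(
            "md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)],
        "sso": endpoints("SingleSignOnService"),       # IdP side only
        "slo": endpoints("SingleLogoutService"),
        "acs": endpoints("AssertionConsumerService"),  # SP side only
    }


def check_sp_metadata(xml_text):
    """Problems an IdP admin would send back about an SP metadata file."""
    info = summarize_metadata(xml_text)
    problems = []
    if info["role"] != "SP":
        problems.append("not SP metadata (has IDPSSODescriptor)")
    if not info["entity_id"]:
        problems.append("missing entityID")
    if not info["acs"]:
        problems.append("missing AssertionConsumerService")
    for location in info["acs"].values():
        if not (location or "").startswith("https://"):
            problems.append("ACS URL not https: %s" % location)
    if not info["certs"]:
        problems.append("no signing certificate in KeyDescriptor")
    return problems


# Constructed IdP metadata in the shape Azure AD and similar IdPs publish.
IDP_METADATA_SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        PLACEHOLDERCERT
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/logout"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/sso"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/saml/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    sp_xml = build_sp_metadata("https://aem.example.test/saml",
                               "https://aem.example.test/saml_login", "PLACEHOLDERSPCERT")
    print(sp_xml)
    print(summarize_metadata(sp_xml))
    print(check_sp_metadata(sp_xml))
    print(summarize_metadata(IDP_METADATA_SAMPLE))
```

Run it as a script to see the generated SP XML and the parsed summaries. The `check_sp_metadata` function encodes the mismatches that most often stall an SP/IdP exchange: a file that is actually IdP metadata, an ACS URL that is not HTTPS, and a missing signing certificate.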


5 Replies


Employee Advisor

@Johann_Lu I believe this is the metadata from the SP that the IdP is looking for. Check the URL

https://labs.tadigital.com/index.php/2017/10/10/saml-single-sign-on-sso-for-aem-authorpublish-part-2...

Also, please go through the same blog for a detailed process for an SSO set-up. Insightful read.
