I tried to integrate AEM with Azure AD and configure Single Sign On:
https://docs.microsoft.com/en-US/azure/active-directory/saas-apps/adobeexperiencemanager-tutorial
https://helpx.adobe.com/experience-manager/6-4/sites/administering/using/saml-2-0-authenticationhand...
In "Adobe Granite SAML 2.0 Authentication Handler" settings, I checked "Autocreate CRX Users".
I added a user to Azure AD and tested signing that user in to AEM.
The sign-in succeeded and an AEM user was automatically created, but the userid was encrypted...
uX6J0/N2Q0eoGR5wSdFQrM89ZbqaO6dHamh8SD/S8dM=
I opened another browser and tested the same user, and then another user was created in AEM.
I checked the SAML response data with the Firefox SAML Tracer add-on, and it seemed to be returned normally.
The mail address, upn data and so on were contained in SAML format.
But when I configured a logger for SAML in AEM, the following message was written to the SAML log:
19.09.2018 17:30:06.797 *DEBUG* [qtp2142656484-3363] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.
Please point out what I missed (SAML 2.0 Authentication Handler? Certification or Trusted Store? Or any other settings?)
Best regards
Koichi
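
Added example, not part of the original post: a check for which values in two captured SAML responses stay identical across two logins of the same user, since the post reports a new AEM user per browser session. The sample responses, the user `taro@example.com` and the NameID values are constructed; the input is assumed to be the base64 `SAMLResponse` form value as sent in the HTTP-POST binding.

```python
import base64
import xml.etree.ElementTree as ET  # for untrusted XML, prefer the defusedxml package

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

def identifiers(b64_response):
    """Return {field: value} for the Subject NameID and each single-valued attribute."""
    root = ET.fromstring(base64.b64decode(b64_response))
    found = {}
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is not None:
        found["NameID"] = (name_id.text or "").strip()
        found["NameID@Format"] = name_id.get("Format", "(not set)")
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        if len(values) == 1:
            found[attr.get("Name")] = values[0]
    return found

def stable_fields(login_a, login_b):
    """Fields carrying the same non-empty value in two logins of one user."""
    a, b = identifiers(login_a), identifiers(login_b)
    return sorted(k for k in a
                  if k != "NameID@Format" and a[k] and a[k] == b.get(k))

def sample(name_id):
    """Constructed, unsigned SAML response for the fictional user taro@example.com."""
    xml = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
      <saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>
      <saml:AttributeStatement>
        <saml:Attribute Name="{CLAIMS}name">
          <saml:AttributeValue>taro@example.com</saml:AttributeValue></saml:Attribute>
        <saml:Attribute Name="{CLAIMS}emailaddress">
          <saml:AttributeValue>taro@example.com</saml:AttributeValue></saml:Attribute>
      </saml:AttributeStatement></saml:Assertion></samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    # Two constructed logins of the same user with different opaque NameID values.
    first = sample("CONSTRUCTED-OPAQUE-ID-1")
    second = sample("CONSTRUCTED-OPAQUE-ID-2")
    print("NameID format:", identifiers(first)["NameID@Format"])
    print("stable across logins:", stable_fields(first, second))
```

A field that does not appear in the stable list cannot serve as the key for an auto-created account, because each login would map to a different user.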