Azure AD Single Sign On Issue - User ID is incorrect



I tried to integrate AEM with Azure AD and configure Single Sign On -



In "Adobe Granite SAML 2.0 Authentication Handler" settings, I checked "Autocreate CRX Users".

I added a user to Azure AD and tested whether the user could sign in to AEM.

The user was signed in successfully and an AEM user was automatically created, but the user ID was encrypted...


I opened another browser and tested the same user, and then another user was created in AEM.

I checked the SAML response data with the Firefox SAML Tracer add-on, and it seemed to be returned normally.

The mail address, UPN data and so on were contained in SAML format.

But when I configured a logger for SAML in AEM, the following message was written to the SAML log:

19.09.2018 17:30:06.797 *DEBUG* [qtp2142656484-3363] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.

Please point out what I missed (SAML 2.0 Authentication Handler? Certification or Trusted Store? Or any other settings?)

Best regards
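
A diagnostic sketch for the symptom described in this question, added here as an example and not part of the original post or of AEM: it compares two decoded assertions (as copied from SAML Tracer for two logins of the same user) and reports whether the NameID changed and which attributes stayed the same. The sample XML, its claim names and values, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

def sample_assertion(name_id):
    """Constructed sample assertion (not from the thread); values are placeholders."""
    return f"""<saml:Assertion xmlns:saml="{SAML}">
  <saml:Subject><saml:NameID Format="{TRANSIENT}">{name_id}</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIMS}emailaddress">
      <saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{CLAIMS}name">
      <saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def parse(xml_text):
    """Return NameID value, NameID format and attributes of one decoded assertion."""
    root = ET.fromstring(xml_text)
    # iter() also finds the elements when the Assertion sits inside a samlp:Response
    nid = next(root.iter(f"{{{SAML}}}NameID"), None)
    if nid is None:
        raise ValueError("no cleartext NameID found (assertion may be encrypted)")
    attrs = {}
    for a in root.iter(f"{{{SAML}}}Attribute"):
        attrs[a.get("Name")] = [(v.text or "").strip()
                                for v in a.findall(f"{{{SAML}}}AttributeValue")]
    return {"name_id": (nid.text or "").strip(),
            "format": nid.get("Format", UNSPECIFIED), "attributes": attrs}

def compare_logins(first_xml, second_xml):
    """Compare two logins of the same user: is the NameID stable, which attributes are?"""
    a, b = parse(first_xml), parse(second_xml)
    stable = sorted(n for n, v in a["attributes"].items()
                    if len(v) == 1 and v[0] and b["attributes"].get(n) == v)
    return {"name_id_stable": a["name_id"] == b["name_id"],
            "transient_format": TRANSIENT in (a["format"], b["format"]),
            "stable_attributes": stable}

if __name__ == "__main__":
    print(compare_logins(sample_assertion("_3f9c-constructed-1"),
                         sample_assertion("_a71e-constructed-2")))
```

A NameID that differs between the two logins while an attribute stays constant shows which value is suitable as the repository user ID; the handler's "User ID Attribute" setting is where that mapping is configured.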


1 Reply



We have this community-based end-to-end article that talks about AEM and SAML that may help - Integrating SAML with Adobe Experience Manager