Hello, I am working on a proof of concept to integrate Adobe AEM 5.6 with SSO using SAML. I followed the demonstration documentation located here: http://helpx.adobe.com/experience-manager/kb/saml-demo.html. This document shows the following entry in metata/adobecq.xml:
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:6502/saml_login" index="1"/>
When accessing AEM I am prompted to enter credentials by the IdP, and after successfully authenticating it attempts to redirect me back to http://localhost:6502/saml_login, which is not available. It does not appear that anything in AEM is listening on port 6502. Is there some service that needs to be enabled that is not enabled?
Any help would be greatly appreciated.
That would suggest that the SAML Authentication Handler isn't being fired. You might want to increase logging on it.
http://dev.day.com/content/docs/en/cq/current/core/administering/saml-2-0-authenticationhandler.html is the main documentation for this feature.
If your instance is actually on port 4502, you may need to update this in adobecq.xml.
The Location attribute needs to be whatever host/port CQ is available on. In that particular example, CQ is running on localhost:6502. If you are using a different host/port, then specify a different Location attribute.
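The check described in the reply above (the ACS Location must match the host and port the instance is served on), as an added example that is not part of the original thread or of Adobe's documentation. The function name `check_acs`, the `entityID` value and the surrounding metadata wrapper are constructed for illustration; only the `AssertionConsumerService` entry comes from the question.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample: the ACS entry quoted in the thread inside a minimal wrapper.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="example-sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://localhost:6502/saml_login" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def _origin(url):
    """Normalise a URL to (scheme, host, port) so default ports compare equal."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)


def check_acs(metadata_xml, instance_url, acs_path="/saml_login"):
    """Return a list of problems found in the ACS Locations of SP metadata."""
    problems = []
    root = ET.fromstring(metadata_xml)
    endpoints = root.findall(".//md:AssertionConsumerService", MD_NS)
    if not endpoints:
        problems.append("no AssertionConsumerService element found")
    for ep in endpoints:
        location = ep.get("Location", "")
        # The IdP posts the response here, so it must be the instance's own origin.
        if _origin(location) != _origin(instance_url):
            problems.append(f"{location}: origin differs from instance {instance_url}")
        if urlsplit(location).path != acs_path:
            problems.append(f"{location}: path is not {acs_path}")
    return problems


if __name__ == "__main__":
    for url in ("http://localhost:4502", "http://localhost:6502"):
        print(url, check_acs(SAMPLE_METADATA, url) or "OK")
```

This only validates the metadata side; whether the authentication handler actually claims `/saml_login` on the instance is a separate check.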
That is what I would have thought too, but the rest of the documentation at that page indicates that AEM is running on 4502, so I assumed some SAML listener was running on 6502. Anyhow, I tried changing that to 4502 and I get caught in a loop. When the callback redirects to localhost:4502/saml_login it then redirects back to the IdP.
Is there any additional documentation available on this subject?
I also see this when I access that on 4502 -
URI=/saml_login resolves to Resource=NonExistingResource, path=/saml_login
So there must be some additional configuration to enable this that I cannot find any documentation on.
Do you have any other authentication configured? Increase the ranking of the SAML authentication handler and verify.
What kind of document are you looking for? Troubleshooting SAML integration?