Intergrating AEM with ADFS

Answers (2)

Answers (2)

kesavan1983

15-10-2015

Hello Sham,

We are still trying to get the integration working with ADFS. We have followed all the steps to import the ADFS Public certificate under idp_cert and we now have below error in the log trace

14.10.2013 17:11:22.811 *INFO* [10.10.100.147 [1381767082811] GET /libs/cq/i18n/dict.en.json HTTP/1.1] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
14.10.2013 17:11:22.812 *WARN* [10.10.100.147 [1381767082811] GET /libs/cq/i18n/dict.en.json HTTP/1.1] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.

Below are the configurations in Adobe Granite SAML 2.0 Authentication Handler

Path : /

Service Ranking : 5002

IDP URL : http://<adfs-hostname>/adfs/services/trust ( Again is this the right POST URL for ADFS or should there be any parameters appended to this url, as at the moment we receive web page unavailable when we hit this url as it is )

Service Provider Entity ID : https://<adfs-hostname>

Cheers,

Dinesh

Sham_HC

15-10-2015

Follow http://helpx.adobe.com/cq/kb/saml-demo.html  AT high level steps are

1)    At ADFS Configure
*   Relaying party & make the nameid format used is same you configure in SAML authentication handler at AEM.
*    In the ADFS outgoing configure to pass uid (generally windows login name) & group.

2)   At cq configure
*    Saml authentication handler. (Nameid, groupattribute, username attribute should match what is configured in ADFS)
*    Upload public certificate at /etc/key/saml/@idp_cert
*    Configure referer filter.

File a daycare if you need additional help. Because a simple wrong configure mistake can lead to looping problem in browser only.