Intergrating AEM with ADFS

Avatar

Avatar

Chris_Tompkinso

Avatar

Chris_Tompkinso

Chris_Tompkinso

15-10-2015

Hi,

Is there anyway to connect an ADFS server with AEM, similar to the way LDAP works, and what is the best approach to take.

Thanks,

Christopher Tompkinson

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar

justin_at_adobe

Employee

Avatar

justin_at_adobe

Employee

justin_at_adobe
Employee

15-10-2015

Answers (2)

Answers (2)

Avatar

Avatar

kesavan1983

Avatar

kesavan1983

kesavan1983

15-10-2015

Hello Sham,

We are still trying to get the integration working with ADFS. We have followed all the steps to import the ADFS Public certificate under idp_cert and we now have below error in the log trace

14.10.2013 17:11:22.811 *INFO* [10.10.100.147 [1381767082811] GET /libs/cq/i18n/dict.en.json HTTP/1.1] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
14.10.2013 17:11:22.812 *WARN* [10.10.100.147 [1381767082811] GET /libs/cq/i18n/dict.en.json HTTP/1.1] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.

Below are the configurations in Adobe Granite SAML 2.0 Authentication Handler

Path : /

Service Ranking : 5002

IDP URL : http://<adfs-hostname>/adfs/services/trust ( Again is this the right POST URL for ADFS or should there be any parameters appended to this url, as at the moment we receive web page unavailable when we hit this url as it is )

Service Provider Entity ID : https://<adfs-hostname>

Cheers,

Dinesh

Avatar

Avatar

Sham_HC

Total Posts

2.1K

Likes

155

Correct Answer

1.2K

Avatar

Sham_HC

Total Posts

2.1K

Likes

155

Correct Answer

1.2K
Sham_HC

15-10-2015

Follow http://helpx.adobe.com/cq/kb/saml-demo.html  AT high level steps are

1)    At ADFS Configure
*   Relaying party & make the nameid format used is same you configure in SAML authentication handler at AEM.
*    In the ADFS outgoing configure to pass uid (generally windows login name) & group.

2)   At cq configure
*    Saml authentication handler. (Nameid, groupattribute, username attribute should match what is configured in ADFS)
*    Upload public certificate at /etc/key/saml/@idp_cert
*    Configure referer filter.

File a daycare if you need additional help. Because a simple wrong configure mistake can lead to looping problem in browser only.