Obtaining other attributes from a SAML assertion using SAML 2.0 Authentication Handler

Level 1

Hello,

We've got SAML working, auto-creating users and assigning groups.

We'd like to obtain other attributes from the SAML assertion, including firstname, lastname and email that our IdP provides, and populate the auto-created user with them.

1) Is this a configuration that isn't documented, or should it be auto-populated if our IdP provides the correct attribute names?

or

2) Do we need to extend/copy the SAML 2.0 handler, and does anyone have examples or tips on how we might do this?

Thanks,
Sheamus

1 Accepted Solution

Correct answer by
Level 10

1) Use AEM 6; the configuration option is available there.

2) For 5.6.1 you need to buy the FP and then extend the SAML handler.

7 Replies


Level 1

Thanks Sham, and what does FP mean? Do you have a URL I can look at to see the details?

Level 10

Sheamus wrote...

Thanks Sham, and what does FP mean? Do you have a URL I can look at to see the details?

FP stands for feature pack and is chargeable. Some of the new features added to the latest AEM release are available in the form of an FP (backported to the older release) so that you can use them. The FP I am referring to is NPR-2536; you can file a Daycare ticket and ask about it. Note that the FP allows you to extend the handler, but you still need to implement the logic to auto-create the properties. However, you can still file a Daycare ticket asking about the feasibility of backporting all the new features of AEM 6 into AEM 5.x.

Level 1

Hi Sham,

Has this FP been merged to AEM 6.0?

Level 1

Hi Sham,

I'm using AEM 5.6.1 and have the same question as Sheamus. I can get the SAML authentication handler to work (locally with Shibboleth as the IdP) and it handles the authentication step, but I am unable to map additional attributes passed along in the assertion document into the AEM profile.

Of course my client has the requirement of mapping attributes from their user directory AND using SAML for SSO. We've achieved the mapping with the LDAPLoginModule but have not (yet) been able to satisfy the SSO requirement and the mapping together with the SAML authentication handler that comes with AEM 5.6.1.

When I searched around for NPR-2536, all I found was a list of recommended patches for 5.5 which includes cq-5.5.0-featurepack-2536, which adds the SAML authentication handler (see: http://helpx.adobe.com/experience-manager/kb/cq55-sp3-recommended-hotfixes.html). So I'm wondering if this is what you were referring to : )

1) Is that the case: is NPR-2536 a port of the same SAML 2.0 authentication handler available in AEM 5.6.1 to CQ5.5?

2) Were there changes in the SAML 2.0 authentication handler between 5.6.1 and 6.0? If so, do you have any links to documentation giving an overview of the differences?

3) Is it possible to map additional attributes passed along in the SAML assertion using the version of the SAML 2.0 authentication handler that comes with 5.6.1? If so, can you provide any links to documentation or examples? Or must one purchase an add-on to 5.6.1 to gain the ability to map attributes from the assertion, either via configuration or via code by extending the handler, so that one may achieve functionality similar to the LDAPLoginModule?

Thanks for the help!

- Tedd

Level 10

Vishwesh Hunsikatti wrote...

Hi Sham,

Has this FP been merged to AEM 6.0?

Yes.

Level 10

teddscofieldvml wrote...


1) It is not the same; I was referring to FP 3184, which is not included in SP3.

2) There is no difference in terms of SSO, and AEM 6 has an additional extension to configure mapping attributes.

3) Unfortunately, AFAIK you need to buy it for 5.6.1 and custom-implement if you want to configure SAML attribute mapping. File a Daycare ticket and provide your business case and impact; the assigned engineer will help. For sure you can achieve it with LDAP mapping, though I have not tried it personally, and am 100% sure it will work.
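An added illustration of the attribute-mapping step this thread is about (example code, not from the thread and not AEM's SAML handler): it parses the AttributeStatement of a constructed, unsigned assertion, checks the audience, and maps the firstname, lastname and email attributes to profile property names. The attribute names, the audience URL and the profile keys (givenName, familyName, email) are assumptions; the real IdP attribute names and AEM 6 mapping keys will differ per site.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed mapping from IdP attribute Name to user-profile property; the real
# AEM 6 configuration keys and your IdP's attribute names will differ.
ATTRIBUTE_MAP = {"firstname": "givenName", "lastname": "familyName", "email": "email"}
# Constructed, unsigned sample assertion for illustration only.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2014-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.org/idp/shibboleth</saml:Issuer>
  <saml:Subject><saml:NameID>sheamus</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://aem.example.org/sp</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstname"><saml:AttributeValue>Sheamus</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastname"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>sheamus@example.org</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="memberOf"><saml:AttributeValue>authors</saml:AttributeValue>
      <saml:AttributeValue>editors</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_assertion(xml_text, expected_audience):
    """Return (NameID, {attribute Name: [values]}) from a SAML 2.0 assertion.
    Only call this on an assertion whose signature the handler has already
    verified: attributes from an unverified assertion must not reach the profile."""
    root = ET.fromstring(xml_text)
    audiences = [a.text for a in root.iterfind(".//saml:Audience", SAML_NS)]
    if expected_audience not in audiences:  # assertion meant for another SP
        raise ValueError("assertion not issued for this service provider")
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs[attr.get("Name")] = values  # multi-valued attributes keep every value
    return name_id, attrs


def map_profile(attrs, mapping=ATTRIBUTE_MAP):
    """Map single-valued attributes to profile properties; report the ones the
    IdP did not send instead of silently leaving them empty on the new user."""
    profile, missing = {}, []
    for saml_name, prop in mapping.items():
        values = attrs.get(saml_name, [])
        if values and values[0].strip():
            profile[prop] = values[0].strip()
        else:
            missing.append(prop)
    return profile, missing
```

The `missing` list is what you would log when an auto-created user ends up without an email: it distinguishes an IdP that never released the attribute from a mapping that points at the wrong attribute name.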