SOLVED

AEM Integration with Microsoft Active Directory for SSO


Hello All,

 

We are trying to implement SSO with Microsoft AD. Can you please help with the documentation links or implementation process?

 

Thanks,

Adithya.

1 Accepted Solution


Correct answer by
Community Advisor

Hi @adithyaa4585051 ,

SAML authentication would do, I believe. After you configure your AEM (trust store and keystore) and the "Adobe Granite SAML 2.0 Authentication Handler" in the config browser, it'd be done more easily than you ever thought.

Reference: SAML 2.0 Authentication Handler

In addition to that, you need the certificate chain for your domain and the private key (your IT/web-hosting dept will provide that).

Thanks,

Bilal.


6 Replies


Thanks for your kind help. I am trying to implement this in AEM 6.5 and I see another issue.

 

I am trying to implement SAML in AEM 6.5 by referencing this document: https://helpx.adobe.com/experience-manager/using/aem63_saml.html

 

In AEM 6.5, I don't see a trust store option under a user. When I tried to do the same in AEM 6.3, I was able to see it. Can you please help me here?

 

I saw the AEM 6.5 administration document, but it points to the AEM 6.3 SAML implementation, which I am referencing as above. Please let me know if I need to reference any other documentation.

 

PFA below for both the images: 6.3 pic.PNG, 6.5 pic.PNG

 

Thanks,
Adithya.

 

 


Community Advisor

Hi @adithyaa4585051,

Yes, the official documentation is confusing. However, for testing purposes, you may follow Integrating SAML with Adobe Experience Manager to:

1. Set up the identity provider.

2. Download the IDP certificate from here: [screenshot: sso-circle.PNG]

3. After that, create a password (and make a note of it - you'll need it to configure the SAML 2 Auth Handler later on) for the Global Trust Store (located here - /libs/granite/security/content/truststore.html).

4. Upload the certificate that you downloaded (step 2) here, and map it to the 'authentication-service' user [not there in my screenshot]: [screenshot: trust-store-upload-cert.PNG]

It will then generate an alias name (note it down somewhere): [screenshot: trust-store-upload-cert.PNG]

5. Make an entry at Allow Hosts (Apache Sling Referrer Filter): [screenshot: sling-referrer.PNG]

6. Configure 'Adobe Granite SAML 2.0 Authentication Handler' - https://helpx.adobe.com/experience-manager/using/aem63_saml.html#ConfiguretheSAML20AuthenticationHan...

7. Configure a logger (optional) - https://helpx.adobe.com/experience-manager/using/aem63_saml.html#ConfigureaLoggerforSAML

8. Define CUG permissions for your root page (I've added it here - http://localhost:4502/sites.html/content/we-retail/us). [screenshot: cug.PNG]

 

That's it! Now try accessing the page (http://localhost:4502/sites.html/content/we-retail/us) in incognito (I'm assuming you'd have saved the username and password in your browser).

 

Hope that helps.

 

Thanks,

Bilal.
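
A pre-flight check for the steps listed in the reply above, as an added example that is not part of the original thread and not Adobe's code: it cross-checks the SAML handler properties against the trust store alias, the Allow Hosts entry and the CUG-protected page before the first login test. The dictionary keys are the OSGi property names of the SAML handler and the Sling Referrer Filter; every value (alias, IdP host, URL) is a constructed placeholder, and exact host matching against `allow.hosts` is a simplifying assumption.

```python
from urllib.parse import urlparse

# Constructed sample values: alias, hosts and URLs are placeholders, not taken from the thread.
SAML_HANDLER = {  # properties of com.adobe.granite.auth.saml.SamlAuthenticationHandler
    "path": ["/content/we-retail"],
    "idpUrl": "https://idp.example.com/sso/redirect",
    "idpCertAlias": "certalias___0000000000000",
    "useEncryption": True,
    "spPrivateKeyAlias": "",
}
REFERRER_FILTER = {"allow.hosts": ["localhost"]}  # org.apache.sling.security.impl.ReferrerFilter
CUG_ROOT = "/content/we-retail/us"  # page protected by the CUG in the last step


def covers(handler_path, page):
    """True when the handler path is the page itself or one of its ancestors."""
    base = handler_path.rstrip("/")
    return page == base or page.startswith(base + "/")


def check_saml_setup(handler, referrer, cug_root):
    """Return (property, problem) pairs for settings that contradict the steps."""
    findings = []
    if not handler.get("idpCertAlias"):
        findings.append(("idpCertAlias", "empty: use the alias the trust store generated"))
    idp = urlparse(handler.get("idpUrl", ""))
    if idp.scheme != "https" or not idp.hostname:
        findings.append(("idpUrl", "IdP URL should be an absolute https URL"))
    elif idp.hostname not in referrer.get("allow.hosts", []):
        findings.append(("allow.hosts", f"{idp.hostname} is not an allowed referrer host"))
    paths = handler.get("path", [])
    paths = [paths] if isinstance(paths, str) else paths
    if not any(covers(p, cug_root) for p in paths):
        findings.append(("path", f"no handler path covers {cug_root}"))
    if handler.get("useEncryption") and not handler.get("spPrivateKeyAlias"):
        findings.append(("spPrivateKeyAlias", "encrypted assertions need the SP private key"))
    return findings


if __name__ == "__main__":
    for prop, problem in check_saml_setup(SAML_HANDLER, REFERRER_FILTER, CUG_ROOT):
        print(f"{prop}: {problem}")
```

With the sample values it reports the missing Allow Hosts entry for the IdP and the missing SP private key alias, the two settings most often skipped when a test setup is copied to a real one.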