SAML configuration for multiple websites on same AEM 6.1 SP2 instance

arvindk091986
Level 2

21-05-2018

Hi all,

As per the business requirement, I am working on providing login functionality for multiple websites on the same AEM 6.1 SP2 instance. We already have a website which is configured with an IDP and SPID accordingly. Now that there are a few more websites added to the same instance, we are in the process of providing login functionality for them. We have a single IDP and multiple SPIDs with respective rankings for the websites. So upon creation of multiple SAML configurations, the handler picks up the highest ranking configuration and processes it, for whatever website it is, with the "Path" configured to "/" for all the SAML configurations. Is there a way for us to say that www.aaa.com has to use SAML handler 1 and www.bbb.com has to use SAML handler 2? Or do we need to extend the existing SAML auth handler to do so?

My requirement is something near to this topic: Multiple Domains and SAML

Have followed the below mentioned forum threads, but no luck in getting through. Please suggest

Multiple SAML Configurations on Same AEM 6.1 Instance

Multiple Authentication handlers

AEM integration with multiple identity provider

Thanks,

Arvind

Accepted Solutions (1)

anushap40132887
Level 3

12-06-2018

We can handle multiple domain login with the OOB Adobe SAML configuration itself. No need for a custom handler.
Just make sure that the "path" property in the SAML configuration matches the assertion consumer URL on the IDP side.

E.g.: if we have two domains, www.abc.com with root path /content/abc and www.xyz.com with /content/xyz, then in the SAML configuration for www.abc.com the path should be configured as /content/abc and the assertion consumer URL should be https://www.abc.com/content/abc/saml_login. Configure the other domain in a similar way. Also configure the default redirect URL for both domains as required.
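The rule in the answer above, written as a configuration check. This is an added example, not part of the original post and not Adobe's code. The dictionary keys, the ranking values and the handler-selection model (longest matching path first, ranking as tie-break) are assumptions made for illustration; the domains and paths are the ones from the answer.

```python
from urllib.parse import urlsplit

# Constructed sample data. Key names are hypothetical, not AEM OSGi property names.
HANDLERS = [
    {"name": "abc", "path": "/content/abc", "ranking": 5002,
     "acs_url": "https://www.abc.com/content/abc/saml_login"},
    {"name": "xyz", "path": "/content/xyz", "ranking": 5001,
     "acs_url": "https://www.xyz.com/content/xyz/saml_login"},
]

def lint(handlers):
    """Return (handler name, problem) tuples for configs that break the rule."""
    problems, seen = [], {}
    for h in handlers:
        path = h["path"].rstrip("/")
        # The ACS URL registered at the IdP must be <handler path>/saml_login.
        if urlsplit(h["acs_url"]).path != path + "/saml_login":
            problems.append((h["name"], "ACS URL path does not match handler path"))
        # Two handlers on one path leave only the ranking to tell them apart.
        if path in seen:
            problems.append((h["name"], "path already used by " + seen[path]))
        else:
            seen[path] = h["name"]
    return problems

def handler_for(handlers, request_path):
    """Simplified model: longest matching path wins, ranking breaks ties."""
    def covers(h):
        p = h["path"].rstrip("/")
        return request_path == p or request_path.startswith(p + "/")
    matches = [h for h in handlers if covers(h)]
    if not matches:
        return None
    best = max(matches, key=lambda h: (len(h["path"].rstrip("/")), h["ranking"]))
    return best["name"]

# The setup from the question: every handler on "/", so ranking alone decides.
ROOTED = [dict(h, path="/") for h in HANDLERS]

if __name__ == "__main__":
    print(lint(HANDLERS), handler_for(HANDLERS, "/content/xyz/en.html"))
    print(lint(ROOTED), handler_for(ROOTED, "/content/xyz/en.html"))
```
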

Answers (4)

srikanthp689160
Level 3

27-11-2019

Hi,

Our requirement is similar but when user moves onto other domain, user must not be asked to login again since IDP is same for both domains i.e. user is on a page with domain www.xyz.com and tries to navigate to www.xyz.co.uk user must not be asked to login again since already logged in and has access to co.uk as well. Is it possible? Are there any configurations required at IDP end to achieve this?

We are using Salesforce as Identity Provider.

Any suggestions would be really helpful.

Thanks,

Srikanth Pogula.

arvindk091986
Level 2

23-05-2018

Hi Andrew,

Upon changing the path to "/content/aaa" and "/content/bbb" it still picks up the highest ranking SAML configuration for all the websites' login. As I said, it's a single IDP and multiple SPIDs in our scenario.


Thanks,
Arvind

Andrew_Khoury
Employee

22-05-2018

Why have "/" configured as the path for all of them? To avoid having to do some special handling you could have each handler configured with "Path" pointing to the site (e.g. for the www.aaa.com handler the Path field would be /content/aaa). Then when the user goes to the site (they should be visiting /content/aaa anyway), they would get sent to the correct IDP for login.

smacdonald2008
Level 10

21-05-2018

We have a SAML article here -- Integrating SAML with Adobe Experience Manager

For multiple ones - looks like you are correct - a custom handler is needed.