SOLVED

SP Initiated SAML Integration on AEM 6.5


Level 2

Is there any documentation available on how to integrate an SP-initiated SAML setup with AEM 6.5?

The available documentation does not explain how to create private keys and certificates, or how to set them up with the IDP.

The documentation steps work well for IDP initiated SSO.


Thanks,

Nikunj Jariwala

1 Accepted Solution


Correct answer by
Employee

Hi @nikunjj81682294,

Please check the following for references:

https://helpx.adobe.com/in/experience-manager/kb/simple-saml-demo.html

https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-for-Adobe-CQ.html


Steps are:

~ Register your SP (AEM) with the IDP (e.g. Okta, SSOCircle)

~ Upload the certificate into the AEM truststore

~ Configure the SAML 2.0 Authentication Handler

~ Set Apache sling referrer filter to allow the IDP host

https://docs.adobe.com/content/help/en/experience-manager-65/administering/security/saml-2-0-authent...


Thanks!!

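The handler and referrer-filter steps above written out as OSGi configuration, as an added example that is not part of this thread or of Adobe's documentation. It assumes the `.cfg.json` format under a `config.author` run-mode folder; the hostnames, entity IDs and key aliases are constructed placeholders, while the property names are those of the AEM 6.5 `SamlAuthenticationHandler` factory configuration and the Sling `ReferrerFilter`.

```json
// com.adobe.granite.auth.saml.SamlAuthenticationHandler~myidp.cfg.json (added example, constructed values)
{
  // Only requests under this tree trigger the redirect to the IDP (SP-initiated flow).
  "path": ["/content/secured"],
  // Where AEM sends the AuthnRequest; for IDP-initiated SSO this is simply never called.
  "idpUrl": "https://idp.example.org/sso/saml",
  // Alias the AEM Trust Store assigned when the IDP signing certificate was uploaded.
  "idpCertAlias": "certalias___constructed",
  // Must match the SP entity ID registered at the IDP, or the Response is rejected.
  "serviceProviderEntityId": "https://aem.example.org",
  "assertionConsumerServiceURL": "https://aem.example.org/saml_login",
  // Empty alias = unsigned AuthnRequests. To sign them (or receive encrypted assertions)
  // point this at the private key stored in the authentication-service user's keystore.
  "spPrivateKeyAlias": "",
  "keyStorePassword": "",
  "useEncryption": false,
  "userIDAttribute": "uid",
  "nameIdFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
  "createUser": true,
  "addGroupMemberships": true,
  "groupMembershipAttribute": "groupMembership",
  "defaultGroups": ["contributor"],
  // Seconds of skew tolerated on NotBefore/NotOnOrAfter; keep it small.
  "clockTolerance": 60,
  "handleLogout": true,
  "logoutUrl": "https://idp.example.org/slo/saml"
}

// org.apache.sling.security.impl.ReferrerFilter.cfg.json
// The IDP POSTs the SAMLResponse to /saml_login with the IDP as Referer. Sling's
// referrer filter blocks cross-host POSTs by default, so only the IDP host is allow-listed.
{
  "allow.empty": false,
  "allow.hosts": ["idp.example.org"],
  "allow.hosts.regexp": [],
  "filter.methods": ["POST", "PUT", "DELETE", "COPY", "MOVE"],
  "exclude.agents.regexp": []
}
```

The `//` lines are annotations that the OSGi configurator JSON format tolerates; strip them if your build's JSON validation does not.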

3 Replies


Level 2
Are the steps exactly the same for an SP-initiated SAML vs. an IDP-initiated SAML setup?


Community Advisor

Hi @nikunjj81682294,

Yes, the overall steps on the AEM side should be the same in either case, since you are already providing the URL of the IDP to which the SAML Authentication Request should be sent in the IDP URL field.

There might be some additional configuration in your identity provider to specify the AEM sign-on URL; e.g. refer to the link below for Azure AD:

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/adobeexperiencemanager-tutorial