SOLVED

SP Initiated SAML Integration on AEM 6.5

Level 2

Is there any documentation available on how to integrate an SP-initiated SAML setup with AEM 6.5?

The available documentation does not explain how to create private keys and certificates, or how to set them up with the IDP.

The documentation steps work well for IDP-initiated SSO.

 

Thanks,

Nikunj Jariwala

1 Accepted Solution

Correct answer by
Employee

Hi @nikunjj81682294,

Please check the following for references:

https://helpx.adobe.com/in/experience-manager/kb/simple-saml-demo.html

https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-for-Adobe-CQ.html

 

Steps are:

~ Register your SP (AEM) with the IDP (e.g. Okta, SSOCircle)

~ Upload the certificate into the AEM truststore

~ Configure the SAML 2.0 Authentication Handler

~ Set the Apache Sling Referrer Filter to allow the IDP host

https://docs.adobe.com/content/help/en/experience-manager-65/administering/security/saml-2-0-authent...

 

Thanks!!
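As an added example (not code from the thread or from Adobe), a POSIX shell script for the key and certificate part of the steps above, which the question says the documentation skips: it generates the SP signing key pair, converts it to the unencrypted PKCS#8 DER key and DER certificate forms assumed here for the AEM keystore upload, checks that the pair matches, and validates an IDP certificate before it goes into the truststore. The hostname, validity period and file names are placeholders; openssl must be on PATH.

```shell
#!/bin/sh
# Added example (not from the thread): build the SP signing key pair that
# registering AEM with the IDP needs, in the DER formats assumed for AEM's
# keystore upload, and sanity-check both it and the IDP certificate before
# the truststore step. Needs openssl on PATH; hostname/validity are placeholders.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"
SP_CN="${SP_CN:-aem-sp.example.com}"   # placeholder: the AEM host the IDP will see

# Generate an RSA key and self-signed certificate for the service provider,
# then convert them: unencrypted PKCS#8 DER for the key and DER for the
# certificate (assumption about AEM's keystore import, not stated in the thread).
make_sp_keypair() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 -subj "/CN=$SP_CN" \
    -keyout "$WORKDIR/sp-private.pem" -out "$WORKDIR/sp-cert.pem" 2>/dev/null
  openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER \
    -in "$WORKDIR/sp-private.pem" -out "$WORKDIR/sp-private.der"
  openssl x509 -inform PEM -outform DER \
    -in "$WORKDIR/sp-cert.pem" -out "$WORKDIR/sp-cert.der"
}

# The certificate must belong to the private key, or the IDP will reject the
# signed AuthnRequest: compare the public key derived from each file.
keypair_matches() {
  key_pub=$(openssl pkey -in "$WORKDIR/sp-private.pem" -pubout | openssl sha256)
  cert_pub=$(openssl x509 -in "$WORKDIR/sp-cert.pem" -noout -pubkey | openssl sha256)
  [ "$key_pub" = "$cert_pub" ]
}

# Fingerprint of the DER certificate, to compare against what the IDP shows
# after the SP certificate has been registered there.
sp_cert_fingerprint() {
  openssl x509 -inform DER -in "$WORKDIR/sp-cert.der" -noout -fingerprint -sha256
}

# Before uploading an IDP certificate (PEM, path in $1) to the AEM truststore,
# confirm it parses and has not expired (-checkend 0 fails on an expired cert).
idp_cert_is_valid() {
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

make_sp_keypair
keypair_matches && echo "SP key and certificate match: upload $WORKDIR/sp-private.der and $WORKDIR/sp-cert.der to the AEM keystore"
sp_cert_fingerprint
```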

3 Replies

Level 2

Are the steps exactly the same for an SP-initiated vs. an IDP-initiated SAML setup?

Level 3

Hi @nikunjj81682294,

Yes, the overall steps on the AEM side should be the same in either case, since you are already providing the URL of the IDP where the SAML Authentication Request should be sent in the IDP URL field.

There might be some additional configuration in your identity provider to specify the AEM sign-on URL; e.g. refer to the link below for Azure AD:

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/adobeexperiencemanager-tutorial