SOLVED

SP Initiated SAML Integration on AEM 6.5

nikunjj81682294 (Level 2)

Is there any documentation available on how to integrate an SP-initiated SAML setup with AEM 6.5?

The available documentation does not explain how to create private keys and certificates and how to set them up with the IDP.

The documentation steps work well for IDP-initiated SSO.

Thanks,

Nikunj Jariwala

1 Accepted Solution

vanegi (Employee) - Correct answer

Hi @nikunjj81682294,

Please check the following for references:

https://helpx.adobe.com/in/experience-manager/kb/simple-saml-demo.html

https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-for-Adobe-CQ.html

Steps are:

~ Register your SP (AEM) with the IDP (e.g. Okta, SSOCircle)

~ Upload the certificate into the AEM truststore

~ Configure the SAML 2.0 Authentication Handler

~ Set the Apache Sling Referrer Filter to allow the IDP host

https://docs.adobe.com/content/help/en/experience-manager-65/administering/security/saml-2-0-authent...

Thanks!!

3 Replies

nikunjj81682294 (Level 2)

Are the steps exactly the same for an SP-initiated SAML setup vs. an IDP-initiated SAML setup?

narendragandhi (Level 3)

Hi @nikunjj81682294,

Yes, the overall steps on the AEM side should be the same in either case, since you are already providing the URL of the IDP where the SAML Authentication Request should be sent in the IDP URL field.

There might be some additional configuration in your identity provider to specify the AEM sign-on URL. For example, refer to the link below for Azure AD:

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/adobeexperiencemanager-tutorial
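As an added illustration of what the reply above describes (example code written for this page, not code from the thread or from AEM): in the SP-initiated flow the SP builds a SAML AuthnRequest and redirects the browser to the IDP URL carrying it in the HTTP-Redirect binding, and the IDP only accepts it if it names a registered SP and assertion consumer URL. The entity IDs, URLs and relay state are constructed placeholders.

```python
import base64
import uuid
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed placeholders, not real endpoints.
IDP_SSO_URL = "https://idp.example.com/sso/saml"        # what goes in the handler's "IDP URL" field
SP_ENTITY_ID = "https://aem.example.com/saml_login"     # entity ID registered at the IDP
ACS_URL = "https://aem.example.com/saml_login"          # AEM assertion consumer endpoint


def build_authn_request(request_id=None, issued=None):
    """AuthnRequest XML the SP sends to start an SP-initiated login."""
    request_id = request_id or "_" + uuid.uuid4().hex
    issued = issued or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issued}" '
        f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{ACS_URL}" '
        f'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>"
    )

def redirect_url(authn_request_xml, relay_state="/content/site/en.html"):
    """HTTP-Redirect binding: raw DEFLATE, base64, then URL-encode into the IDP URL."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15: raw deflate, no zlib header
    raw = deflater.compress(authn_request_xml.encode()) + deflater.flush()
    query = {"SAMLRequest": base64.b64encode(raw).decode(), "RelayState": relay_state}
    return IDP_SSO_URL + "?" + urlencode(query)

def parse_redirect(url, expected_sp_entity_id, expected_acs_url):
    """IDP side: inflate the request and refuse it unless it names a registered SP and ACS."""
    params = parse_qs(urlparse(url).query)
    xml_bytes = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), -15)
    root = ET.fromstring(xml_bytes)
    issuer = root.findtext(f"{{{SAML}}}Issuer")
    acs = root.get("AssertionConsumerServiceURL")
    if issuer != expected_sp_entity_id:
        raise ValueError(f"unknown SP issuer {issuer!r}")
    if acs != expected_acs_url:
        raise ValueError(f"ACS {acs!r} is not the one registered for this SP")
    if root.get("Destination") != IDP_SSO_URL:
        raise ValueError("Destination does not match this IDP endpoint")
    return {"id": root.get("ID"), "issuer": issuer, "acs": acs, "relay_state": params["RelayState"][0]}
```

The IDP-initiated flow skips the first two functions entirely: the IDP posts an unsolicited Response to the ACS, which is why the AEM-side handler configuration is the same and only the IDP needs to know the AEM sign-on URL.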