SP Initiated SSO integration in AEM 6.4 with SAML 2.0 Authentication

Level 2

Hi All,

I am new to SAML authentication. I would like to understand the steps involved in setting up only SP initiated SSO in AEM 6.4 using SAML authentication.

Kindly assist.

Thanks!!
Soumyadip Dutta

3 Replies

Community Advisor

Dear Soumyadip Dutta,

Have a look at the two documents below; they provide a pretty good overview of the steps required:

Demonstration of AEM and SAML integration and Demonstration of AEM and SAML integration

Regards,

Peter

Level 2

Hi smacdonald2008 / PuzanovsP,

Thanks for the quick response.

Below is my metadata.xml which we have received from the IDP (WEBSSO):

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="https://www.websso.db.com/IDP" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
    <IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>***</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>
        <KeyDescriptor use="encryption">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>***</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
            <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc">
                <xenc:KeySize xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">128</xenc:KeySize>
            </EncryptionMethod>
        </KeyDescriptor>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>
        <!--<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://integration.websso.bridge.ies.gto.intranet.db.com/webssoIDP/SAMLProcessor"/>-->
        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://integration.websso.bridge.ies.gto.intranet.db.com/webssoIDP/SAMLCatcher"/>
    </IDPSSODescriptor>
</EntityDescriptor>

We are getting the below error at login:

And in our application, we have configured the SAML 2.0 authentication handler as:

[screenshot: SAML 2.0 authentication handler configuration, not included]
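The IdP metadata above is the input for the SP side of the setup, so it is worth reading it programmatically before filling in the handler configuration: it tells you the IdP entity ID, which SSO endpoint and binding the SP may use (the HTTP-Redirect endpoint is commented out, so an SP-initiated AuthnRequest must go by HTTP-POST), whether the IdP insists on signed AuthnRequests, and whether a usable signing certificate is actually present. The following is an added Python example, not code from the post, from AEM or from the IdP vendor; it parses the metadata with the standard library and returns those facts plus a list of settings worth a second look. The embedded sample is a whitespace-collapsed copy of the metadata in the post with the certificates left redacted as "***", and all function and variable names are the example's own.

```python
import re
import xml.etree.ElementTree as ET

# Namespaces used by SAML 2.0 metadata and XML Signature.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
BINDING_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
BINDING_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
# XML Encryption block-cipher algorithms in CBC mode (no built-in integrity protection).
CBC_ALGORITHMS = {
    "http://www.w3.org/2001/04/xmlenc#tripledes-cbc",
    "http://www.w3.org/2001/04/xmlenc#aes128-cbc",
    "http://www.w3.org/2001/04/xmlenc#aes192-cbc",
    "http://www.w3.org/2001/04/xmlenc#aes256-cbc",
}

# Constructed sample: the IdP metadata from the post, whitespace collapsed, certificates redacted.
IDP_METADATA = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="https://www.websso.db.com/IDP" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>***</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>***</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"><xenc:KeySize xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">128</xenc:KeySize></EncryptionMethod>
    </KeyDescriptor>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>
    <!--<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://integration.websso.bridge.ies.gto.intranet.db.com/webssoIDP/SAMLProcessor"/>-->
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://integration.websso.bridge.ies.gto.intranet.db.com/webssoIDP/SAMLCatcher"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def _looks_like_certificate(text):
    """True if the X509Certificate element holds base64 DER data rather than a redaction such as '***'."""
    text = (text or "").strip()
    return len(text) > 64 and re.fullmatch(r"[A-Za-z0-9+/=\s]+", text) is not None


def inspect_idp_metadata(xml_bytes):
    """Extract what an SP needs from IdP metadata and list settings a reviewer should look at."""
    root = ET.fromstring(xml_bytes)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor found; this is not IdP metadata")

    result = {
        "entity_id": root.get("entityID"),
        "wants_signed_authn_requests": idp.get("WantAuthnRequestsSigned", "false").lower() == "true",
        "sso_endpoints": {},          # binding URN -> endpoint URL
        "signing_cert_present": False,
        "encryption_algorithms": [],
        "nameid_formats": [el.text.strip() for el in idp.findall("md:NameIDFormat", NS)],
        "warnings": [],
    }
    warn = result["warnings"].append

    for sso in idp.findall("md:SingleSignOnService", NS):
        result["sso_endpoints"][sso.get("Binding")] = sso.get("Location")

    for kd in idp.findall("md:KeyDescriptor", NS):
        use = kd.get("use")  # absent 'use' means the key serves both purposes
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if use in (None, "signing") and cert is not None and _looks_like_certificate(cert.text):
            result["signing_cert_present"] = True
        if use in (None, "encryption"):
            for em in kd.findall("md:EncryptionMethod", NS):
                result["encryption_algorithms"].append(em.get("Algorithm"))

    # Review points derived from the parsed values.
    if not result["sso_endpoints"]:
        warn("no SingleSignOnService endpoint published; SP-initiated SSO cannot start")
    elif BINDING_REDIRECT not in result["sso_endpoints"]:
        warn("no HTTP-Redirect SSO endpoint; the SP must send its AuthnRequest with the HTTP-POST binding")
    if not result["signing_cert_present"]:
        warn("no usable IdP signing certificate in the metadata; assertion signatures cannot be verified "
             "until the real certificate is obtained and imported into the SP keystore")
    if not result["wants_signed_authn_requests"]:
        warn("IdP does not require signed AuthnRequests; signing them anyway lets the IdP reject requests "
             "that do not come from a registered SP")
    for alg in result["encryption_algorithms"]:
        if alg in CBC_ALGORITHMS:
            warn(f"assertion encryption uses CBC mode ({alg}); prefer an AES-GCM algorithm if the IdP supports one")
    return result


if __name__ == "__main__":
    report = inspect_idp_metadata(IDP_METADATA)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it against the metadata file the IdP actually sent (replace `IDP_METADATA` with the file's bytes) and carry the reported entity ID, SSO endpoint and binding into the SP handler configuration; the "signing certificate" warning is the one to clear first, since a handler that cannot validate the IdP signature will reject every response.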