SP Initiated SSO integration in AEM 6.4 with SAML 2.0 Authentication

soumyadipd33248
Level 2

26-09-2018

Hi All,

I am new to SAML authentication. I would like to understand the steps involved in setting up only SP initiated SSO in AEM 6.4 using SAML authentication.

Kindly assist.

Thanks!!
Soumyadip Dutta

Replies

PuzanovsP
MVP

27-09-2018

Dear Soumyadip Dutta,

Have a look at the two documents below; they provide a pretty good overview of the steps required:

Demonstration of AEM and SAML integration and Demonstration of AEM and SAML integration

Regards,

Peter

smacdonald2008
Level 10

27-09-2018

soumyadipd33248
Level 2

28-09-2018

Hi smacdonald2008 / PuzanovsP,

Thanks for the quick response.

Below is my metadata.xml, which we have received from the IdP (WEBSSO):

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="https://www.websso.db.com/IDP" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
    <IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>***</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>
        <KeyDescriptor use="encryption">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>***</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
            <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc">
                <xenc:KeySize xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">128</xenc:KeySize>
            </EncryptionMethod>
        </KeyDescriptor>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>
        <!--<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://integration.websso.bridge.ies.gto.intranet.db.com/webssoIDP/SAMLProcessor"/>-->
        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://integration.websso.bridge.ies.gto.intranet.db.com/webssoIDP/SAMLCatcher"/>
    </IDPSSODescriptor>
</EntityDescriptor>

We are getting the below error while logging in:

And in our application, we have configured the SAML 2.0 authentication handler as:

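As an added example (not code from this thread or from AEM), the following Python script parses IdP metadata shaped like the document above and pulls out the values an SP-side SAML handler such as AEM's needs: the IdP entity ID, the SingleSignOnService endpoint per binding, the signing certificate, the supported NameID formats, and the WantAuthnRequestsSigned flag. The hostnames and certificate bodies in the embedded sample are constructed placeholders, and it refuses metadata with no IDPSSODescriptor or no signing certificate, since without a signing key assertion signatures cannot be verified.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}

# Constructed sample modelled on the IdP metadata posted above; host names
# and certificate bodies are placeholders, not real values.
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor entityID="https://idp.example.test/IDP" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER-SIGNING-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER-ENC-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.test/SAMLCatcher"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def parse_idp_metadata(xml_text):
    """Return the settings an SP needs from SAML 2.0 IdP metadata, or raise ValueError."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this metadata does not describe an IdP")
    certs = {}
    for kd in idp.findall("md:KeyDescriptor", NS):
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        # A KeyDescriptor without a 'use' attribute is valid for both signing and encryption.
        certs[kd.get("use", "signing")] = (cert.text or "").strip() if cert is not None else None
    if not certs.get("signing"):
        raise ValueError("no signing certificate: assertion signatures could not be verified")
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    return {
        "entity_id": root.get("entityID"),
        # False means the IdP accepts unsigned AuthnRequests; the SP may still choose to sign them.
        "want_authn_requests_signed": idp.get("WantAuthnRequestsSigned", "false").lower() == "true",
        "signing_cert": certs["signing"],
        "sso_endpoints": sso,
        "nameid_formats": [n.text.strip() for n in idp.findall("md:NameIDFormat", NS)],
    }
```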