Highlighted

SP Initiated SSO integration in AEM 6.4 with SAML 2.0 Authentication

soumyadipd33248

26-09-2018

Hi All,

I am new to SAML authentication. I would like to understand the steps involved in setting up only SP initiated SSO in AEM 6.4 using SAML authentication.

Kindly assist.

Thanks!!
Soumyadip Dutta

Replies

Highlighted

soumyadipd33248

28-09-2018

Hi smacdonald2008​ / PuzanovsP​,

Thanks for the quick response.

Below is my metadatadata.xml which we have received from IDP ( WEBSSO ) :

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<EntityDescriptor entityID="https://www.websso.db.com/IDP" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">

    <IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">

        <KeyDescriptor use="signing">

            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

                <ds:X509Data>

                    <ds:X509Certificate>***</ds:X509Certificate>

                </ds:X509Data>

            </ds:KeyInfo>

        </KeyDescriptor>

        <KeyDescriptor use="encryption">

            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

                <ds:X509Data>

                    <ds:X509Certificate>***</ds:X509Certificate>

                </ds:X509Data>

            </ds:KeyInfo>

<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc">

                <xenc:KeySize xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">128</xenc:KeySize>

</EncryptionMethod>

        </KeyDescriptor>

<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>

        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>

        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>

        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>

        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>

        <!--<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://integration.websso.bridge.ies.gto.intranet.db.com/webssoIDP/SAMLProcessor"/>-->

        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://integration.websso.bridge.ies.gto.intranet.db.com/webssoIDP/SAMLCatcher"/>

    </IDPSSODescriptor>

</EntityDescriptor>

We are getting the below error while login :

And in our application, we have configured the SAML 2.0 authentication handler  as :

1581256_pastedImage_3.png