SP Initiated SSO integration in AEM 6.4 with SAML 2.0 Authentication

soumyadipd33248
Level 2

Hi All,

I am new to SAML authentication. I would like to understand the steps involved in setting up only SP initiated SSO in AEM 6.4 using SAML authentication.

Kindly assist.

Thanks!!
Soumyadip Dutta

3 Replies
Peter_Puzanovs
Community Advisor

Dear Soumyadip Dutta,

Have a look at the two documents below; they provide a pretty good overview of the steps required:

Demonstration of AEM and SAML integration and Demonstration of AEM and SAML integration

Regards,

Peter

soumyadipd33248
Level 2

Hi smacdonald2008 / PuzanovsP,

Thanks for the quick response.

Below is my metadata.xml, which we have received from the IDP (WEBSSO):

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="https://www.websso.db.com/IDP" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
    <IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>***</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>
        <KeyDescriptor use="encryption">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>***</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
            <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc">
                <xenc:KeySize xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">128</xenc:KeySize>
            </EncryptionMethod>
        </KeyDescriptor>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>
        <!--<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://integration.websso.bridge.ies.gto.intranet.db.com/webssoIDP/SAMLProcessor"/>-->
        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://integration.websso.bridge.ies.gto.intranet.db.com/webssoIDP/SAMLCatcher"/>
    </IDPSSODescriptor>
</EntityDescriptor>

We are getting the error below while logging in:

And in our application, we have configured the SAML 2.0 authentication handler as:

[screenshot: 1581256_pastedImage_3.png, SAML 2.0 authentication handler configuration]
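As an added example (not code from this thread, nor Adobe's), the script below reads IdP metadata shaped like the file posted above and derives what an SP-initiated AEM SAML handler needs from it: the HTTP-POST SingleSignOnService location (the Redirect endpoint is commented out in the posted file, so the handler's redirect option should stay off), the signing certificate that has to go into the AEM truststore, and a NameID format the IdP actually lists. It also flags the security-relevant facts in the metadata: WantAuthnRequestsSigned="false", a redacted signing certificate, and the fact that the IdP's "encryption" key is for messages sent to the IdP, not a promise that assertions to AEM are encrypted. The sample metadata is constructed with shortened hosts and "***" certificates as on the page; the AEM property names (idpUrl, idpHttpRedirect, idpCertAlias, useEncryption, spPrivateKeyAlias, nameIdFormat, serviceProviderEntityId, assertionConsumerServiceURL) are the 6.4 handler's OSGi keys as I remember them and should be checked against your instance's Configuration Manager.

```python
"""Derive AEM SAML handler settings from SAML 2.0 IdP metadata (added example)."""
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
PREFERRED_NAMEID = (
    "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
)

# Constructed sample with the same shape as the posted metadata.xml
# (hosts shortened, certificates redacted to "***" as on the page).
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor entityID="https://idp.example.com/IDP" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>***</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <KeyDescriptor use="encryption"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>***</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.com/webssoIDP/SAMLCatcher"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def parse_idp_metadata(xml_text):
    """Return the parts of IdP metadata an SP needs, as a plain dict."""
    # ElementTree does not resolve external entities, so hostile metadata
    # cannot read local files via XXE; still fetch metadata only over TLS.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    certs = {}
    for kd in idp.findall(f"{{{MD}}}KeyDescriptor"):
        use = kd.get("use", "signing")  # a KeyDescriptor without 'use' is valid for both
        cert = kd.find(f".//{{{DS}}}X509Certificate")
        certs.setdefault(use, []).append(cert.text.strip() if cert is not None and cert.text else "")
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall(f"{{{MD}}}SingleSignOnService")}
    return {
        "entity_id": root.get("entityID"),  # expected Issuer of responses
        "want_authn_requests_signed": idp.get("WantAuthnRequestsSigned", "false").lower() == "true",
        "signing_certs": certs.get("signing", []),
        "encryption_certs": certs.get("encryption", []),
        "sso": sso,
        "nameid_formats": [n.text.strip() for n in idp.findall(f"{{{MD}}}NameIDFormat") if n.text],
    }


def derive_sp_settings(meta, sp_entity_id, acs_url):
    """Map parsed metadata onto AEM handler settings and list warnings.

    Property names are an assumption (AEM 6.4 OSGi keys from memory);
    verify them in /system/console/configMgr before relying on them.
    """
    settings = {"serviceProviderEntityId": sp_entity_id, "assertionConsumerServiceURL": acs_url}
    warnings = []
    if POST in meta["sso"]:
        settings["idpUrl"] = meta["sso"][POST]
        settings["idpHttpRedirect"] = False  # AuthnRequest goes by HTTP-POST
    elif REDIRECT in meta["sso"]:
        settings["idpUrl"] = meta["sso"][REDIRECT]
        settings["idpHttpRedirect"] = True
    else:
        warnings.append("no SingleSignOnService endpoint: SP-initiated login is impossible")
    if not meta["signing_certs"]:
        warnings.append("IdP publishes no signing certificate: responses cannot be verified, stop here")
    elif any(c in ("", "***") for c in meta["signing_certs"]):
        warnings.append("signing certificate is redacted: import the real PEM into the AEM "
                        "truststore and point idpCertAlias at it")
    else:
        settings["idpCertAlias"] = "<truststore alias of the IdP signing certificate>"
    if not meta["want_authn_requests_signed"]:
        warnings.append("WantAuthnRequestsSigned=false: the IdP accepts unsigned AuthnRequests, "
                        "so verifying the IdP's response signature is the control that matters")
    if meta["encryption_certs"]:
        warnings.append("IdP 'encryption' key is for messages sent to the IdP; assertions to AEM are "
                        "encrypted only if you register an SP key with the IdP "
                        "(useEncryption + spPrivateKeyAlias)")
    for fmt in PREFERRED_NAMEID:
        if fmt in meta["nameid_formats"]:
            settings["nameIdFormat"] = fmt  # pick a format the IdP actually offers
            break
    return settings, warnings


if __name__ == "__main__":
    meta = parse_idp_metadata(SAMPLE_METADATA)
    settings, warnings = derive_sp_settings(meta, "https://aem.example.com/sp", "https://aem.example.com/saml_login")
    print(settings)
    for w in warnings:
        print("WARNING:", w)
```

Run against the real metadata.xml and the output gives the IdP URL for the handler, tells you the Redirect option should stay off, and reminds you that the "***" placeholder is not a certificate: the signing certificate has to be imported into the AEM truststore and referenced by alias before any login can be verified.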