Hi Sham,You said permission is restricted, what permission? it is AEM permissions? how should we set the permission if users doesn't created in AEM automatically after IDP authenticated successfully? I set the default group attribute with correct group (contributor/administrators) and leave groupmem...

Hi Sham,It seems like for AEM 6.0 sp1, it must provide group attribute in saml response from IDP side, right? if IDP doesn't configure the group attribute, it will get the HTTP 403 error in AEM, right? So that's why groupmembership attribute in AEM saml handler needed? How about using default group ...

Hello,Did you fix this problem? Any work around solution for saml authentication in AEM 6.0 sp1? I got the same problem as you.Any suggestions are appreciate.