- Overview
- Best practices to follow
- Setting up OKTA authentication with AEM Author
- Creating your first Adaptive Form
- 1 - Introduction and Setup
- 2 - Create Adaptive Form template
- 3 - Create form fragment
- 4 - Create Adaptive Form
- 5 - Configuring root panel and adding child panels
- 6 - Adding components to People panel
- 7 - Adding table to income panel
- 8 - Configuring assets panel
- 9 - Using custom functions and code editor
- Handling Form Submissions
- Useful Integrations
- Creating OSGi bundle
- Adaptive Forms
- Installing AEM Forms on Windows
- Installing 32 bit packages on Linux
- Prefill Service in Adaptive Forms
- Populate Adaptive Form using query parameters
- Custom Submit in Adaptive Forms
- Captcha in Adaptive Forms
- Custom Functions in Rule Editor
- Embedding Adaptive Form in web page
- Creating array of strings
- Item Load Path in AEM Forms
- Using Set Value in XML in OSGI Workflow
- Using Set Value in JSON in OSGI Workflow
- Send Email Component in AEM Forms Workflow
- Generating DocumentOfRecord using API
- Displaying Inline Images
- Displaying DAM images inline
- Using GeoLocation API
- Using Transaction Reporting
- User Profile Data Integration in AEM Forms
- Microsoft Dynamics with AEM Forms
- Rule Editor Enhancements
- Restricting Access to Rule Editor
- Theme Editor Enhancements
- Form Editor Enhancements
- Automated Testing Of Adaptive Forms
- Automated Testing Of Adaptive Forms
- Integrating LDAP with AEM Forms
- Using Service User in AEM Forms
- Tagging and Storing DoR on Adaptive Form Submission
- Populating table with the results from Form Data Model Service Invocation
- Capturing workflow comments
- Storing Submitted Form Data in DB
- Inserting form attachment in DB
- Modify Data Source Configuration
- Override Form Data Model Properties
- Form Data Model Service in AEM 6.4 Workflow
- Handling Error Messages in Form Data Model Service Step
- Form Data Model Service in AEM 6.5.1 Workflow
- Form Data Model without Data Source
- Computed Form Data Model Element
- Setting up JDBC Data Source in AEM Forms
- JDBC Based Form Data Model
- Create Associations between 2 entities in Form Data Model
- Using Form Data Model’s invoke service in Rule Editor
- Post Binary Data to AEM DAM Using Form Data Model
- Creating Re-Usable Workflow Models
- Custom Process Step AEM Workflow
- Pre-Populating HTML5 Forms
- Form Data Model with Salesforce
- Adding Items Dynamically to Choice Component
- Select and assemble DAM folder content
- Prefilling adaptive form using form data model
- UI Tips and Tricks
- Customizing inbox
- Email form attachments
- Storing and Retrieving Adaptive Form
- Import data from pdf file
- Exporting Submitted Data in CSV Format
- HTML5 Forms
- AEM Forms and Acrobat Sign
- Introduction
- Set up SSL
- Create Acrobat Sign API Application
- Create Acrobat Sign Cloud Configuration
- Create Workflow to send document for signing
- Create and Configure Adaptive Form
- Configure Adaptive Form for single signer
- Configure Adaptive Form for two signers
- Configure Automated Forms Conversion Service
- Convert PDF Form into Adaptive Form
- Configure converted Adaptive Form
- Using XDP templates with Acrobat Sign
- Sign Multiple Forms
- Custom workflow steps
- Custom workflow component
- Variables in AEM Workflow
- Review form data
- Storing and Retrieving Form Data in MySQL DB
- Triggering AEM Workflow from Mobile Form submission
- Querying Submitted Data
- Listing Custom Asset Types in Forms Portal
- AEM Forms With Marketo
- AEM Forms with Adobe Campaign Standard
- Welcome Kit
- Headless Forms API
- React App with Forms and Acrobat Sign
- Document Services
- Types of PDF forms
- Embed pdf in adaptive form
- PDF’s in carousel component
- Using Assembler Service in AEM Forms
- XDP Stitching with Assembler Service
- Using Watched Folder in AEM Forms
- Using Barcode Service in AEM Forms
- Using PDFG Service in AEM Forms
- Using Output and Forms Service in AEM Forms
- Using xdp fragments in output service
- ECMA script to generate pdf with fragments
- Generating multiple pdf’s from one data file
- Generate PDF on Mobile Form Submission
- Generate Interactive PDF from Mobile Form
- Generate Interactive DoR from Adaptive Form
- Configure Reader Extensions Credential
- Apply Usage Rights to PDF on XDP Rendition
- Apply Usage Rights to Uploaded PDF
- Certify Documents
- Assemble Form Attachments
- Useful Utility Services
- Interactive Communications for Print Channel
- 1 - Introduction
- 2 - Set up Tomcat
- 3 - Create Data Source
- 4 - Create Form Data Model
- 5 - Create XDP Layout using Forms Designer
- 6 - Create Document Fragment
- 7 - Create Print Channel Document
- 8 - Adding Content to Target Areas
- 9 - Configuring Line Chart
- 10 - Adding Table to Print Channel
- 11 - Using Watched Folder to Generate Documents
- 12 - Opening Agent UI on Form Submission
- Save and Retrieve Draft Letters
- Interactive Communications
- Using Batch API
- MultiSeries Charts
- Generate Print Channel Documents From Submitted Data
- Using Reducer Functions
- Two Column Layout in Print Channel Documents
- Using Table Component in AEM Forms Print Channel Document
- Generating Interactive Communications Document for Print Channel using Watch Folders
- Customize text editor
- Interactive Communications For Web Channel
- 1 - Introduction
- 2 - Set up Tomcat
- 3 - Create Data Source
- 4 - Create Form Data Model
- 5 - Creating Web Channel Document Template
- 6 - Creating Document Fragment
- 7 - Creating Interactive Communication Document
- 8 - Adding Text and Images
- 9 - Configuring Line chart
- 10 - Configuring Table
- 11 - Configuring Column Chart
- 12 - Configuring Pie Chart
- 13 - Delivery Of Web Channel Document
- Email Delivery of Web Channel Document
- Troubleshooting
- Document Services: Steps to troubleshoot DDX related issues
- Document Services: Steps to troubleshoot PDFA conversion issues
- Document Services: How to debug font related issue for Forms and Output Service
- Document Services: How to embed fonts for Forms and Output Service
- Document Services: How to enable performance logging to debug Forms and Output Service
- Document Services: How to increase aries transaction timeout for conversion of large files
- Document Services: How to run load tests using FormsIVS and OutputIVS
- Document Services: How to update custom XDPs and data files in FormsIVS and OutputIVS
- Document Services: Steps to enable verbose ORB trace
- Document Services: Steps to tweak bmc pool size for XMLFormService part1
- Document Services: Steps to tweak bmc pool size for XMLFormService part2
- Document Services: Steps to tweak parameters on JMX console
- Enable merging of large xml data files with template
- PDFG: How to change the transaction timeouts in PDFG
- PDFG: How to update CORBA timeout in PDFG
- PDFG: How to update the timeouts in PDFG
- PDFG: Steps to add PDFG user in windows server 2016
- PDFG: Steps to check and install 32 bit libraries and their dependencies
- PDFG: Steps to check folder permission on windows server 2016
- PDFG: Steps to enable strace on unix
- PDFG: Steps to install required 32bit Microsoft Visual C++ redistributables
- PDFG: Steps to run and interpret output of System Readiness Tool
- PDFG: Steps to troubleshoot acrobat specific issues
- PDFG: Steps to troubleshoot HtmltoPDF issues on windows
- PDFG: Steps to troubleshoot HtmltoPDF specific issues on unix(PhantomJS)
- PDFG: Steps to troubleshoot HtmltoPDF specific issues on unix(WebKit conversion)
- PDFG: Steps to troubleshoot multi user PDFG Conversion on unix
- PDFG: Steps to troubleshoot multi user PDFG Conversion on windows
- PDFG: Steps to troubleshoot OpenOffice specific issues on unix
- PDFG: Steps to troubleshoot OpenOffice specific issues on windows
- Document Security: How to apply policy created using document security module in Acrobat
- User Management: How to add users or groups in AEM Forms JEE
- User Management: How to increase UM Session timeout
- Workbench: Connecting workbench using https
- Workbench: Gathering Workbench logs from help menu
- Workbench: How to enable debug output for Workbench
- Workbench: How to tweak workbench memory parameters
- Workbench: How to tweak workbench performance parameters
- Designer: Dependency of Designer on C++ redistributable
- Designer: How to enable HTML Preview
- Designer: How to enable PDF Preview
- Designer: How to install Designer Patches
- JEE Foundation: How to change the value of entropy
- JEE Foundation: How to change transaction timeout of any service in AEM Forms JEE
- JEE Foundation: How to purge process records from the Job Manager table
- JEE Foundation: How to run process purge from command line
- JEE Foundation: Steps to bootstrap manually
- JEE Foundation: Steps to capture debug logs for mobile forms
- JEE Foundation: Steps to mitigate ForcedDisconnectException
- General: How to add management user for JBoss admin console
- General: How to capture HAR logs
- General: How to capture heap dumps of a JVM on a unix server
- General: How to capture heap dumps of a JVM on a windows server
- General: How to capture network logs
- General: How to capture Thread dumps of a JVM on a unix server
- General: How to capture Thread dumps of a JVM on a windows server
- General: How to generate a self signed certificate
- General: How to make web service call from HTML5 form
- General: Steps to enable debug logging for any classes in AEM Forms OSGI
- General: Steps to enable debug logging for any classes in JBOSS Application Server
- General: Steps to enable debug logging for any classes in Websphere Application Server
- General: Steps to enable SSL for AEM Forms OSGi
- General: Steps to encrypt keystore password to be used in lc_turnkey.xml
- General: Steps-to-reset-default-password-for-users-in-AEM-Forms-JEE
- General: Steps-to-reset-default-password-for-users-in-AEM-Forms-OSGI
- General: Steps to set up gemfire locators in a cluster and perform related configuration
Authenticate to AEM Author using OKTA
The first step is to configure your app on OKTA portal. Once your app is approved by your OKTA administrator you will have access to IdP certificate and single sign on URL. The following are the settings typically used in registering new application.
- Application Name: This is your application name. Make sure you give a unique name to your application.
- SAML Recipient: After authentication from OKTA, this is the URL which would be hit on your AEM instance with the SAML response. SAML authentication handler normally intercepts all the URL’S with / saml_login but it would be preferable to append it after your application root.
- SAML Audience: This is the domain URL of your application. Do not use protocol(http or https) in the domain URL.
- SAML Name ID: Select Email from the drop down list.
- Environment: Choose your appropriate environment.
- Attributes: These are the attributes you get about the user in the SAML response. Specify them as per your needs.
Add the OKTA (IdP) Certificate to the AEM Trust Store
Since SAML assertions are encrypted, we need to add the IdP (OKTA) certificate to the AEM trust store, to allow secure communication between OKTA and AEM.
Initialize trust store, if not initialized already.
Remember the trust store password. We will need to use this password later in this process.
-
Navigate to Global Trust Store.
-
Click on “Add Certificate from CER file”. Add the IdP certificate provided by OKTA and click submit.
NOTEPlease do not map the certificate to any user
On adding the certificate to trust store you should get certificate alias as shown in the screen shot below. The alias name could be different in your case.
Make a note of the certificate alias. You need this in the later steps.
Configure SAML authentication handler
Navigate to configMgr.
Search and open “Adobe Granite SAML 2.0 Authentication Handler”.
Provide the following properties as specified below
The following are the key properties that need to be specified:
- path - This is the path where the authentication handler is triggered
- IdP Url:This is your IdP url which is provided by OKTA
- IDP Certificate Alias:This the alias you got when you added the IdP certificate into AEM trust store
- Service Provider Entity Id:This is the name of your AEM Server
- Password of Key store:This is the trust store password that you used
- Default Redirect:This is the URL to redirect to on successful authentication
- UserID Attribute:uid
- Use Encryption:false
- Autocreate CRX Users:true
- Add to Groups:true
- Default Groups:oktausers(This is the group to which the users are added. You can provide any existing group within AEM)
- NamedIDPolicy: Specifies constraints on the name identifier to be used to represent the requested subject. Copy and paste the following highlighted string urn:oasis:names:tc:SAML:2.0:nameidformat:emailAddress
- Synchronized Attributes - These are the attributes that are being stored from SAML assertion in AEM profile
Configure Apache Sling Referrer Filter
Navigate to configMgr.
Search and open “Apache Sling Referrer Filter”.Set the following properties as specified below:
- Allow Empty: false
- Allow Hosts: IdP’s hostname (This is different in your case)
- Allow Regexp Host: IdP’s hostname (This is different in your case)
The Sling Referrer Filter Referrer properties screenshot
Configure DEBUG Logging for the OKTA integration
When setting up the OKTA integration on AEM, it can be helpful to review the DEBUG logs for AEM’s SAML Authentication handler. To set the log level to DEBUG, create a new Sling Logger configuration via the AEM OSGi Web Console.
Remember to remove or disable this logger on Stage and Production to reduce log-noise.
When setting up the OKTA integration on AEM, it can be helpful to review DEBUG logs for AEM’s SAML Authentication handler. To set the log level to DEBUG, create a new Sling Logger configuration via the AEM OSGi Web Console.
Remember to remove or disable this logger on Stage and Production to reduce log-noise.
-
Navigate to configMgr
-
Search and open “Apache Sling Logging Logger Configuration”
-
Create a logger with the following configuration:
- Log Level: Debug
- Log File: logs/saml.log
- Logger: com.adobe.granite.auth.saml
-
Click on save to save your settings
Test your OKTA configuration
Logout of your AEM instance. Try accessing the link. You should see OKTA SSO in action.
Resources
Adobe Account
Change language
Copyright © 2023 Adobe. All Rights Reserved.
