Demonstration of AEM and SAML integration

To integrate AEM and SAML, first register an account with SSOCircle, then update the AEM metadata with the identity provider (IdP) as described below.

Description

Environment

Adobe Experience Manager

Issue/Symptoms

To provide a simple, ready-to-use single sign-on experience with Adobe Experience Manager (AEM) Security Assertion Markup Language (SAML) support.

Resolution

Get started with three simple steps:

  1. Register and activate the account in SSOCircle. SSOCircle is a free public identity provider.

  2. Configure SAML in AEM to communicate properly with the IdP (SSOCircle) by installing the demo package. The package content and configuration mapping are covered under the section Additional Mapping Details.

    This step is required only if you want to test against your own domain rather than localhost, or if AEM is running on a port other than the default one.

  3. Create/update AEM Metadata with IDP provider.

    • Log in to SSOCircle, then choose Manage Metadata > Add new Service Provider.

    • Make sure that the Entity ID is unique; change the value of entityID in the following XML to a unique value.

    • Update the AssertionConsumerService Location to a valid URL for SAML consumption in the following XML.

    • Finally, set serviceProviderEntityId to the same value as entityID (as chosen above) at https://<host>:<port>/system/console/configMgr/com.adobe.granite.auth.saml.SamlAuthenticationHandler

```xml
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://localhost:4502/">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.ssocircle.com/sso/UI/Logout" />
        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:4502/saml_login" index="1"/>
    </md:SPSSODescriptor>
</md:EntityDescriptor>
```
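The three values step 3 asks you to keep in sync (the metadata entityID, the AssertionConsumerService Location, and the handler's serviceProviderEntityId) are easy to get wrong by hand. The following Python script is an added example, not part of the Adobe article or the demo package: it builds SP metadata in the shape of the XML above from your own entityID and ACS URL, then checks the result against the handler configuration. The handler configuration is modelled as a plain dict holding serviceProviderEntityId (an assumption; in AEM it lives in the OSGi console), and the aem.example.test host names are constructed sample values.

```python
"""Build and sanity-check AEM SAML service-provider (SP) metadata.

Added example; it is not the Adobe article's or the demo package's code.
The SamlAuthenticationHandler config is represented as a dict with the
serviceProviderEntityId property named in the article (an assumption
about shape; the real value is read from /system/console/configMgr).
"""
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
ET.register_namespace("md", MD)

SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Logout endpoint used in the article's sample metadata.
SSOCIRCLE_LOGOUT = "https://idp.ssocircle.com/sso/UI/Logout"
# The article's placeholder entityID, which SSOCircle requires you to replace.
SAMPLE_ENTITY_ID = "http://localhost:4502/"


def build_sp_metadata(entity_id: str, acs_location: str) -> str:
    """Return SP metadata XML in the shape of the article's example,
    with the two site-specific values filled in."""
    root = ET.Element(f"{{{MD}}}EntityDescriptor", entityID=entity_id)
    sp = ET.SubElement(root, f"{{{MD}}}SPSSODescriptor",
                       protocolSupportEnumeration=SAML2_PROTOCOL)
    ET.SubElement(sp, f"{{{MD}}}SingleLogoutService",
                  Binding=HTTP_POST, Location=SSOCIRCLE_LOGOUT)
    ET.SubElement(sp, f"{{{MD}}}NameIDFormat").text = EMAIL_NAMEID
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService",
                  Binding=HTTP_POST, Location=acs_location, index="1")
    return ET.tostring(root, encoding="unicode")


def check_sp_metadata(metadata_xml: str, handler_config: dict) -> list:
    """Return a list of problems; an empty list means the metadata and the
    handler configuration are consistent with the article's steps."""
    problems = []
    root = ET.fromstring(metadata_xml)
    entity_id = root.get("entityID")
    if not entity_id:
        problems.append("entityID is missing")
    elif entity_id == SAMPLE_ENTITY_ID:
        problems.append("entityID still uses the sample placeholder value")
    # Step 3 requires serviceProviderEntityId to equal the metadata entityID.
    if handler_config.get("serviceProviderEntityId") != entity_id:
        problems.append("serviceProviderEntityId does not match metadata entityID")
    acs = root.find(f"{{{MD}}}SPSSODescriptor/{{{MD}}}AssertionConsumerService")
    if acs is None:
        problems.append("AssertionConsumerService element is missing")
    else:
        loc = acs.get("Location", "")
        # /saml_login is the consumer path the article's metadata uses.
        if not loc.endswith("/saml_login"):
            problems.append("ACS Location does not end with /saml_login")
        # Assertions carry the user's identity; outside a localhost test
        # they should only be delivered over TLS.
        if loc.startswith("http://") and "localhost" not in loc:
            problems.append("ACS Location is plain HTTP on a non-localhost host")
        if acs.get("Binding") != HTTP_POST:
            problems.append("ACS Binding is not HTTP-POST")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not a real deployment.
    xml = build_sp_metadata("https://aem.example.test/sp",
                            "https://aem.example.test/saml_login")
    print(xml)
    print(check_sp_metadata(xml, {"serviceProviderEntityId": "https://aem.example.test/sp"}))
```

Run it once with the values you intend to paste into SSOCircle; an empty list from check_sp_metadata means the entityID, the ACS URL and serviceProviderEntityId line up. The plain-HTTP check is an added caveat for non-local deployments, not a requirement stated by the article.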
      

Additional mapping details

Refer to Metadata of SSOCircle for more information.

Download AEM SAML Config Package.

Note: If you are a Mac user and are unable to open the zip package after downloading it from the above link, follow the steps below.

Steps to open on Mac

  1. Download the file AEM_SAML_SSOCircle_Demo_Package-1.zip and move it from the Downloads folder into the Desktop folder.
  2. Open Terminal.
  3. To change your directory to the Desktop folder, type the following command into the terminal: cd desktop
  4. To unzip the file, type into the terminal: unzip AEM_SAML_SSOCircle_Demo_Package-1.zip 
  5. If you see lines of output listing the extracted files, the command is working and your zip file is now unzipped. In the Desktop folder, you will see a new folder with the contents of your zip file.