Demonstration of AEM and SAML integration

Last update: April 25, 2024

To integrate AEM and SAML, first register the account in SSOCircle, then update the AEM Metadata with the IDP provider as described below.

Description

Environment

Adobe Experience Manager

Issue/Symptoms

To provide a simple ready to use single sign-on experience with Adobe Experience Manager (AEM) Security Assertion Markup Language (SAML) support.

Resolution

Get started with three simple steps:

  1. Register and activate the account in SSOCircle. SSOCircle is a free public identity provider.

  2. Configure SAML in AEM to communicate properly with idp(SSOCircle) by installing the demo package. The package content and configuration mapping is covered under section Additional Mapping Details.

    This step is required only if you want to test against your own domain rather than localhost or if AEM running is port other than default one.

  3. Create/update AEM Metadata with IDP provider.

    • Log in to SSOCircle, then choose Manage Metadata > Add new Service Provider.

    • Make sure that the Entity ID is unique; change the value of entityID in the following XML to a unique value.

    • Update the AssertionConsumerService location to valid URL for saml consumption in the following XML.

    • Finally, update the serviceProviderEntityId to the same value of entityID (as chosen above) at https://< host> :< port> /system/console/configMgr/com.adobe.granite.auth.saml.SamlAuthenticationHandler

      <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://localhost:4502/">
                <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
                        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.ssocircle.com/sso/UI/Logout" />
                        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
                    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:4502/saml_login" index="1"/>
                </md:SPSSODescriptor>
        </md:EntityDescriptor>

Additional mapping details

Refer to Metadata of SSOCircle for more information.

Download AEM SAML Config Package.

Note: If you are a Mac user and are unable to access the zip file package after downloading it from the above link, follow the below-mentioned steps.

Steps to open on Mac

  1. Download the file AEM_SAML_SSOCircle_Demo_Package-1.zip and move it from the Downloads folder into the Desktop folder.
  2. Open Terminal.
  3. To change your directory to the Desktop folder, type into the terminal the following commands:cd desktop
  4. To unzip the file, type into the terminal: unzip AEM_SAML_SSOCircle_Demo_Package-1.zip 
  5. If you see lines of code, it indicates that the command is working and your zip file is now unzipped. In the Desktop folder, you will see a new folder of your zip file.
3d58f420-19b5-47a0-a122-5c9dab55ec7f

The Perfect Blend: A New Era of Collaboration with AEM and Workfront

Adobe Customer Success Webinars

Wednesday, Apr 2, 5:00 PM UTC

Explore how Adobe Experience Manager and Workfront integrate to help teams move from ideation to delivery without the usual bottlenecks, ensuring content is organized, on-brand, and ready to go live faster.

Register

Driving Marketing Agility and Scale: Transforming your Content Supply Chain with AI

Online | Strategy Keynote | General Audience

Marketers everywhere are feeling the pressure to deliver impactful campaigns faster and at greater scale. This Strategy Keynote explores...

Tue, Mar 18, 2:30 PM PDT (9:30 PM UTC)

Register

Elevate and Empower Teams with Agentic AI for Exceptional Experiences

Online | Strategy Keynote | General Audience

Elevate and empower your CX teams with AI that transforms creativity, personalization, and productivity. Discover how Adobe is...

Tue, Mar 18, 1:00 PM PDT (8:00 PM UTC)

Register

Connect with Experience League at Summit!

Get front-row access to top sessions, hands-on activities, and networking—wherever you are!

Learn more

Register now