Security Assertion Markup Language (SAML) is one of the options that you can select when configuring authorization for an enterprise or hybrid domain. SAML is primarily used to support SSO across multiple domains. When SAML is configured as your authentication provider, users log in and authenticate to AEM forms via a specified third-party identity provider (IDP).
For an explanation of SAML, see Security Assertion Markup Language (SAML) V2.0 Technical Overview.
- In the Service Provider Entity ID box, type a unique ID that identifies the AEM forms service provider implementation. You also specify this unique ID when configuring your IDP (for example, um.lc.com). You can also use the URL that is used to access AEM forms (for example, http://AEMformsserver).
- (Optional) To enable AEM forms to send signed authentication requests to the IDP, perform the following tasks:
  1. Use Trust Manager to import a credential in PKCS #12 format with Document Signing Credential selected as the Trust Store Type. (See Managing local credentials.)
  2. In the Service Provider Credential Key Alias list, select the alias you assigned to the credential in Trust Store.
  3. Click Export to save the URL contents to a file and then import that file into your IDP.
- (Optional) Select Enable Authentication Prompt For Local Users. When this option is selected, users will see two links:
- (Optional) Select Enable Artifact Binding to enable artifact binding support. SAML uses POST binding by default; select this option only if your IDP is configured for artifact binding. When this option is selected, the user assertion itself is not passed through the browser request. Instead, a pointer (artifact) to the assertion is passed, and AEM forms retrieves the assertion from the IDP with a back-end web service call.
- (Optional) In Custom Properties, specify additional properties as name=value pairs, one pair per line.
  You can configure AEM forms to issue a SAML assertion whose validity period matches the validity period of the third-party assertion. To honor the third-party SAML assertion timeout, add the following line in Custom Properties:
  saml.sp.honour.idp.assertion.expiry=true
  Add the following custom property to use RelayState to determine the URL to which the user is redirected after successful authentication:
  saml.sp.use.relaystate=true
  Add the following custom property to configure the URL of the custom Java Server Pages (JSP) that renders the registered list of identity providers. If you have not deployed a custom web application, the default User Management page renders the list:
  saml.sp.discovery.url=/custom/custom.jsp
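To show what the name=value Custom Properties format and the assertion-expiry property mean in practice, here is an added Python example (not AEM forms code): it parses a Custom Properties block and derives the service-provider session end from the assertion's <Conditions> element. The sample assertion, the property text, the two-hour default session lifetime and the three-minute clock skew are constructed assumptions for illustration.

```python
# Added illustration, not AEM forms code: parses the Custom Properties text and
# derives the SP session expiry from a SAML 2.0 <Conditions> element.
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample of the Custom Properties box (name=value, one per line).
CUSTOM_PROPERTIES = """
saml.sp.honour.idp.assertion.expiry=true
saml.sp.use.relaystate=true
"""

# Constructed sample assertion fragment with a five-minute validity window.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-id" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test/</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z"/>
</saml:Assertion>"""

def parse_custom_properties(text):
    """Parse newline-separated name=value pairs; blank or malformed lines are skipped."""
    props = {}
    for line in text.splitlines():
        if "=" in line:
            name, value = line.split("=", 1)
            props[name.strip()] = value.strip()
    return props

def _parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def assertion_window(assertion_xml):
    """Return (NotBefore, NotOnOrAfter) from the assertion's <Conditions>."""
    cond = ET.fromstring(assertion_xml).find("saml:Conditions", SAML_NS)
    return _parse_ts(cond.get("NotBefore")), _parse_ts(cond.get("NotOnOrAfter"))

def within_window(not_before, not_on_or_after, now, skew=timedelta(minutes=3)):
    """True if `now` lies inside the validity window, allowing a little clock skew."""
    return not_before - skew <= now < not_on_or_after + skew

def sp_session_expiry(assertion_xml, props, now, default_lifetime=timedelta(hours=2)):
    """Session end: the IDP's NotOnOrAfter if the honour flag is set, else now + default.
    The two-hour default and three-minute skew are assumptions for this example."""
    not_before, not_on_or_after = assertion_window(assertion_xml)
    if not within_window(not_before, not_on_or_after, now):
        raise ValueError("assertion is outside its validity window")
    if props.get("saml.sp.honour.idp.assertion.expiry", "false").lower() == "true":
        return not_on_or_after
    return now + default_lifetime
```

Without the honour flag the session outlives the IDP assertion by the local default, which is the mismatch the property exists to remove.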