Get started with three simple steps:
- SSOCircle (http://www.ssocircle.com/en/) is a free public identity provider. Register and activate an account in SSOCircle.
- Configure SAML in AEM to communicate with the IdP (SSOCircle) by installing the demo package. The package content and configuration mapping are covered in the section "Additional Mapping Details."
- This step is required only if you want to test against your own domain rather than localhost, or if AEM is running on a port other than the default one.
  - Create/update the AEM metadata with the IdP. (Log in to SSOCircle, then choose Manage Metadata > Add new Service Provider.)
  - Make sure that the Entity ID is unique: change the value of entityID in the following XML to a unique value.
  - Update the AssertionConsumerService Location to a valid URL for SAML consumption in the following XML.
  - Finally, update serviceProviderEntityId to the same value as entityID (Step i) at http://<host>:<port>/system/console/configMgr/com.adobe.granite.auth.saml.SamlAuthenticationHandler
```xml
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://localhost:4502/">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.ssocircle.com/sso/UI/Logout" />
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:4502/saml_login" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
```
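The three metadata edits above (unique entityID, reachable AssertionConsumerService Location, matching serviceProviderEntityId) fail silently at login time when they disagree, so it is worth checking them before uploading the XML to SSOCircle. The following is an added example, not Adobe's code: `check_sp_metadata()`, the host `aem.example.com` and the sample values are constructed for illustration; the `/saml_login` path is taken from the page's XML.

```python
# Added example, not part of Adobe's documentation: check that the SP metadata you are
# about to register with SSOCircle is consistent with the AEM settings the steps above
# tell you to change. check_sp_metadata() and the sample values are constructed here.
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
DEFAULT_ENTITY_ID = "http://localhost:4502/"  # value shipped in the page's XML
ACS_PATH = "/saml_login"                      # AEM consumer endpoint in the page's XML

def check_sp_metadata(metadata_xml, service_provider_entity_id, aem_base_url):
    """Return problem codes (empty list = consistent). service_provider_entity_id is
    serviceProviderEntityId from the SamlAuthenticationHandler OSGi config;
    aem_base_url is the scheme://host[:port] the IdP posts the SAML response to."""
    root = ET.fromstring(metadata_xml)
    problems = []
    entity_id = root.get("entityID")
    if entity_id == DEFAULT_ENTITY_ID:           # step ii: entityID must be unique
        problems.append("entityid-default")
    if entity_id != service_provider_entity_id:  # step iv: OSGi config must match exactly
        problems.append("entityid-mismatch")
    acs = root.findall("md:SPSSODescriptor/md:AssertionConsumerService", MD_NS)
    if not acs:
        problems.append("acs-missing")
    expected = urlparse(aem_base_url)
    for svc in acs:                              # step iii: ACS must point at this AEM
        loc = urlparse(svc.get("Location", ""))
        if svc.get("Binding") != HTTP_POST:
            problems.append("acs-binding")
        if (loc.scheme, loc.netloc) != (expected.scheme, expected.netloc):
            problems.append("acs-host")
        if loc.path != ACS_PATH:
            problems.append("acs-path")
    return problems

# Constructed sample: the page's metadata with the ACS moved to a real host while
# the entityID was left at the default value the page says must be changed.
SAMPLE_XML = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://localhost:4502/">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://aem.example.com/saml_login" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(check_sp_metadata(SAMPLE_XML, "http://localhost:4502/", "https://aem.example.com"))
```

Run it against the metadata you actually intend to upload and the serviceProviderEntityId value from configMgr; an empty list means the three settings agree.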
Note:
- For AEM6, make sure that the latest service pack is installed.
- For setting up your own IdP demo, see http://helpx.adobe.com/experience-manager/kb/saml-demo.html
- Configuration changes of SAML 2.0 with AEM6.1