Demonstration of AEM and SAML integration


To provide simple ready to use single sign-on experience with AEM SAML support.


Get started with three simple steps:

  1. SSOCircle ( is a free public identity provider. Register and activate the account in SSOCircle.
  2. Configure SAML in AEM to communicate properly with idp(SSOCircle) by installing the demo package. The package content & configuration mapping covered under section "Additional Mapping Details."
  3. This step is required only if you want to test against your own domain rather than localhost or if AEM running is port other than default one.
    1. Create/update AEM Metadata with IDP provider.  (Log in to SSOCircle, then choose Manage Metadata > Add new Service Provider.) 
      1. Make sure that the Entity ID is unique; change the value of entityID in the following XML to a unique value.
      2. Update the AssertionConsumerService location to valid URL for saml consumption in the following XML.
      3. Finally, update the serviceProviderEntityId to the same value of entityID (Step i) at  http://<host>:<port>/system/console/configMgr/com.adobe.granite.auth.saml.SamlAuthenticationHandler
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://localhost:4502/">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="" />
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:4502/saml_login" index="1"/>

Additional mapping details

Metadata of SSOCircle available at



Adobe logo

Sign in to your account