Goal

To provide a simple, ready-to-use single sign-on experience with AEM SAML support.

Setup

Get started with three simple steps:

  1. SSOCircle (http://www.ssocircle.com/en/) is a free public identity provider. Register and activate an account with SSOCircle.
  2. Configure SAML in AEM to communicate properly with the IdP (SSOCircle) by installing the demo package. The package content and configuration mapping are covered under the section "Additional Mapping Details."
  3. This step is required only if you want to test against your own domain rather than localhost, or if AEM is running on a port other than the default one.
    1. Create or update the AEM metadata with the IdP. (Log in to SSOCircle, then choose Manage Metadata > Add new Service Provider.)
      1. Make sure that the Entity ID is unique; change the value of entityID in the following XML to a unique value.
      2. Update the AssertionConsumerService Location in the following XML to a valid URL for SAML consumption.
      3. Finally, set serviceProviderEntityId to the same value as the entityID from the first sub-step, at http://<host>:<port>/system/console/configMgr/com.adobe.granite.auth.saml.SamlAuthenticationHandler
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://localhost:4502/">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.ssocircle.com/sso/UI/Logout" />
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:4502/saml_login" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
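
The three sub-steps above can be checked before the metadata is uploaded. The following is an added example, not part of the original page or of Adobe's demo package: it renders the template for a different host and port and reports mismatches between the metadata and the serviceProviderEntityId you intend to set. The function names and the host aem.example.test are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
TEMPLATE_ENTITY_ID = "http://localhost:4502/"      # value in the page's template
TEMPLATE_ACS = "http://localhost:4502/saml_login"  # value in the page's template
ET.register_namespace("md", MD)

def build_sp_metadata(entity_id, base_url):
    """Render the page's template with a new entityID and ACS Location."""
    q = lambda tag: f"{{{MD}}}{tag}"
    root = ET.Element(q("EntityDescriptor"), {"entityID": entity_id})
    sp = ET.SubElement(root, q("SPSSODescriptor"), {
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol"})
    ET.SubElement(sp, q("SingleLogoutService"), {
        "Binding": POST, "Location": "https://idp.ssocircle.com/sso/UI/Logout"})
    ET.SubElement(sp, q("NameIDFormat")).text = (
        "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
    ET.SubElement(sp, q("AssertionConsumerService"), {
        "Binding": POST, "Location": base_url.rstrip("/") + "/saml_login",
        "index": "1"})
    return ET.tostring(root, encoding="unicode")

def check_sp_metadata(xml_text, service_provider_entity_id):
    """Return the problems found; an empty list means the sub-steps hold."""
    problems = []
    root = ET.fromstring(xml_text)  # parse only metadata you wrote yourself
    entity_id = root.get("entityID", "")
    if not entity_id or entity_id == TEMPLATE_ENTITY_ID:
        problems.append("entityID is empty or still the template default")
    if entity_id != service_provider_entity_id:
        problems.append("serviceProviderEntityId does not match entityID")
    acs = root.findall(f".//{{{MD}}}AssertionConsumerService")
    if not acs:
        problems.append("no AssertionConsumerService element")
    for el in acs:
        location = el.get("Location", "")
        url = urlparse(location)
        if url.scheme not in ("http", "https") or not url.hostname:
            problems.append("ACS Location is not an absolute http(s) URL")
        elif location == TEMPLATE_ACS:
            problems.append("ACS Location is unchanged from the template")
    return problems

if __name__ == "__main__":
    # Constructed sample values: a hypothetical AEM host on a non-default port.
    xml = build_sp_metadata("https://aem.example.test/sp",
                            "https://aem.example.test:8443")
    print(xml)
    print(check_sp_metadata(xml, "https://aem.example.test/sp") or "OK")
```

The check can only confirm that entityID differs from the template value; whether it is unique among SSOCircle service providers is decided when the metadata is submitted.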

Additional mapping details

The SSOCircle metadata is available at http://idp.ssocircle.com/.

Download

This document is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License. Twitter™ and Facebook posts are not covered under the terms of the Creative Commons license.