SAML WITH AEM 6.1

With AEM6.1 there are some changes in configuration of SAML Authentication handler compared to earlier version of AEM. This section concentrates only on configuration changes of SAML 2.0 with AEM6.1

STEPS

1. Add IdP public cert to AEM truststore

• Go to: http://localhost:4502/libs/granite/security/content/useradmin.html
• Select any user because TrustStore is global to AEM
• Create trust store by supplying the password & then manage trust store
• Upload the IdP certificate & make note of the certificate Alias

2. Add SP key and certificate chain to AEM keystore (authentication-service)

• Go to: http://localhost:4502/libs/granite/security/content/useradmin.html
• Select authentication-service
• Create KeyStore by supplying the password
• If encrypting SAML assertions then go to manage KeyStore for uploading the private & public key

3. Configure the SAML authentication handler in the web console

• Go to: http://localhost:4502/system/console/configMgr
• Search for Adobe Granite SAML 2.0 Authentication Handler
• Add a new handler configuration and alias here should match with step1.

4. Configure Referrer Filter

• Configure host at:http://localhost:4502/system/console/configMgr/org.apache.sling.security.impl.ReferrerFilter

EARLIER VERSION

https://helpx.adobe.com/experience-manager/kb/saml-demo.html
https://helpx.adobe.com/experience-manager/kb/simple-saml-demo.html

VIDEO