Configuring SAML SSO for Adobe CQ5
Configure Apache Sling Referrer Filter:
Navigate to the web console: http://HOST:4502/system/console/configMgr
Expand Apache Sling Referrer Filter.
Add the SAML SSO server host name to the Allowed Hosts section (depending on the authoring environment you are configuring), check the Allow Empty checkbox and click Save.
Configure Adobe Granite SAML 2.0 Authentication Handler:
Configure the required details for authentication:

| Setting | Value | Description |
|---|---|---|
| Path | / | |
| Service Ranking | 5002 | |
| IDP URL | https://host/SAML2/sso/SAML2Service | URL of the IDP where the SAML Authentication Request should be sent to |
| IDP HTTP Redirect | Unchecked | Use an HTTP Redirect to the IDP URL instead of sending an AuthnRequest message to request credentials |
| Service Provider Entity ID | http://dev-author.com/ | ID which uniquely identifies this service provider with the identity provider |
| Default Redirect | / | |
| User ID Attribute | UserID | The name of the attribute containing the user ID used to authenticate and create the user in the CRX repository |
| Use Encryption | Unchecked | Whether or not this authentication handler expects encrypted SAML assertions |
| Autocreate CRX Users | Unchecked | Whether or not to autocreate nonexistent users in the repository |
| Add to Groups | Unchecked | Whether or not a user should be automatically added to CRX groups after successful authentication |
| Group Membership | (empty, no value) | The name of the attribute containing a list of CRX groups this user should be added to |
| NameIDPolicy Format | urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified | The value of the NameIDPolicy format parameter to send in the AuthnRequest message |
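With IDP HTTP Redirect unchecked, the IDP URL, Service Provider Entity ID and NameIDPolicy Format settings listed above end up inside the AuthnRequest sent to the IdP. The following is an added example, not Adobe's handler code and not part of the original page: it builds a minimal SAML 2.0 AuthnRequest from those three values and checks a captured SAMLRequest form value against them, which helps when the IdP rejects the request. The dict keys and function names are hypothetical, and plain base64 (HTTP-POST binding) encoding is an assumption; the real handler's message carries more attributes.

```python
import base64
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values from the settings above (hypothetical dict keys, not CQ5 property names).
CONFIG = {
    "idp_url": "https://host/SAML2/sso/SAML2Service",
    "sp_entity_id": "http://dev-author.com/",
    "nameid_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified",
}

def build_authn_request(cfg):
    """Build a minimal SAML 2.0 AuthnRequest (constructed sample) from the settings."""
    for prefix, uri in NS.items():
        ET.register_namespace(prefix, uri)
    req = ET.Element(f"{{{NS['samlp']}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,           # XML IDs must not start with a digit
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": cfg["idp_url"],           # IDP URL
    })
    ET.SubElement(req, f"{{{NS['saml']}}}Issuer").text = cfg["sp_entity_id"]
    ET.SubElement(req, f"{{{NS['samlp']}}}NameIDPolicy",
                  {"Format": cfg["nameid_format"]})
    return ET.tostring(req)

def encode_post_binding(xml_bytes):
    """HTTP-POST binding: the SAMLRequest form field is base64 of the XML."""
    return base64.b64encode(xml_bytes).decode("ascii")

def check_saml_request(saml_request_b64, cfg):
    """Decode a captured SAMLRequest; return {setting: (configured, seen)} for mismatches."""
    # Only parse requests you captured yourself; use defusedxml for untrusted XML.
    root = ET.fromstring(base64.b64decode(saml_request_b64))
    policy = root.find("samlp:NameIDPolicy", NS)
    seen = {
        "idp_url": root.get("Destination"),
        "sp_entity_id": root.findtext("saml:Issuer", namespaces=NS),
        "nameid_format": policy.get("Format") if policy is not None else None,
    }
    return {k: (cfg[k], v) for k, v in seen.items() if v != cfg[k]}
```

An empty result from `check_saml_request` means the captured request matches the configured values; any entry shows the configured value next to the one actually sent.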