9 thoughts on “Setting up SAML Authentication on AEM”

  1. This seems to be a really helpful article, thank you!

    However, do you happen to know how to tweak the configuration if, for example, AEM is running under a different content root, like http://host:8080/aem/ or /lc/ like with LiveCycle?

    In that case, what’s the impact on configuration values like /saml_login?

    It would be great if you or someone has gotten that working already 😉

    1. The SamlAuthenticationHandler intercepts any URL that ends with /saml_login. So, I would assume that having a different context prefix on the path shouldn’t matter. The other way of handling this could perhaps be at the Apache level, internally mapping/writing rules to send the appropriate request to the publisher.

  2. Could you also tell what changes are needed on the AEM side if we are doing an IDP-initiated authentication?


  3. Hi,
    I have set up all these. SAML login is successful. But is not happening. The AEM version is CQ_5.6.1.
    Any idea on how to make logout functional?

    1. For logout functionality, normally your AEM URL should be in SSL. Second, identify which attribute is expecting from IDP to invalidate the token.
      In one of the implementations we had used SessionIndex as the parameter for logout. But normally AEM was not sending it to the IDP. We got a fix pack from Adobe to resolve the issue.

      Final Note: The configuration got changed in AEM-6.1

      1. Hi Dinesh,
        I’m facing a similar issue. I set up SAML SSO on one of the AEM servers but logout is the issue. I gave the correct logout URL on the SP side (AEM) and it is going to that URL in the browser but showing an IdP error, and the session is not getting destroyed. I’m using AEM 6.0.
        Please help.

  4. Is there any way to delete the non-active users from the AEM side? Or, when a user signs out, the user profile gets deleted from AEM (Service Provider)?

