Configuring SAML SSO on AEM using WSO2 Identity Server

Adobe AEM supports SSO using SAML. In this post we will show how to setup SAML SSO using WSO2 Identity Server as IDP.

As basis for this article we will use this blog post from AEM Stuff.

Add IdP public cert to AEM truststore

Following the steps described in the post we need to upload the public certificate from the IDP. To generate the public key for the WSO2 IS installation, we need to perform those steps:

Add SP key and certificate chain to AEM keystore (authentication-service)

After we created the Public Certificate, we need to upload it to the AEM TrustStore as described in the tutorial.

Then we need to add SP key and certificate chain to AEM keystore (authentication-service) as described in the tutorial.

WSO2 Identity Server - Service Provider Configuration

Before we configure the SAML Authentication Handler, we are going to configure the WSOS IS.

We need to create a new Service Proider in order to let AEM uses WSOSIS as an IDP. To do that we need to log into WSO2IS https://localhost:9443/carbon

Go to Identity > Service Providers > Add

We need to specify a Service Provider name, then we need to configure the SAML Web SSO. To do that we need to go into the section Inbound Authentication Configuration > SAML2 Web SSO Configuration and click Configure

Then we need to provide the configuration for SAML SSO like the image below:

Service Provider Configuration

SAML Authentication Handler

Then we need to configure the SAML Authentication Handler. Below we can see how the handler was configured to use WSo2IS:

SAML Authentication Handler

After this we need to Configure Referrer Filter.

Testing the Configuration

After we performed all those steps, and if everything is fine, when we access aem:


We will be redirected to WSO2IS login screen. The we need to use an user that is created on WSO2IS to log. After the login successful we will be redirected to the AEM.

If we go to the Users section Tools -> Operations -> Security -> Users, we can find the user we just logged into AEM created.created

An example on how it will work after the configuration can be seen in the video below:

I hope you enjoyed.

Thanks, see you in the next post.

comments powered by Disqus