The Okta/Adobe Experience Manager SAML integration currently supports the following features:
For more information on the listed features, visit the Okta Glossary.
Install the Adobe Experience Manager.
Download and save the following Identity Provider Certificate:
Sign into the Okta Admin Dashboard to generate this variable.
Add your IdP Certificate to the AEM TrustStore by following steps 1-6 described here.
Open the Adobe Experience Manager Web Console Configuration located at yourServer/system/console/configMgr
Where yourServer is the name of your server.
Configure the Adobe Granite SAML 2.0 Authentication Handler as follows:
Path: Enter /
IDP URL: Copy and paste the following:
Sign into the Okta Admin Dashboard to generate this variable.
IDP Certificate Alias: Enter your Certificate Alias you made a note in step 3.
Service Provider Entity ID: Enter the URL of your server. Make sure to add / at the end of the URL.
For example, if your server URL is https://acme.adobecqm.net, enter https://acme.adobecqm.net/
UserID Attribute: Enter uid.
Use Encryption: Make sure this is left unchecked.
Click Save:
Configure Apache Sling Referrer Filter as follows:
Check Allow Empty.
Allow Hosts: Enter yourSubDomain.okta.com.
Click Save:
Done!
Currently we only support the on-premises version of the Adobe Experience Manager app.
Make sure that you entered the correct value in the Login URL field under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to Adobe Experience Manager.
The following SAML attributes are supported:
| Name | Value |
|---|---|
| FirstName | user.firstName |
| LastName | user.lastName |
| uid | user.userName |
Open your Service Provider Entity ID you entered in step 5.