Okta

How to Configure SAML 2.0 for Adobe Experience Manager


Supported Features

The Okta/Adobe Experience Manager SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.


Configuration Steps

  1. Install Adobe Experience Manager.

  2. Download and save the following Identity Provider Certificate:

    Sign in to the Okta Admin Dashboard to generate this variable.

  3. Add your IdP Certificate to the AEM TrustStore by following steps 1-6 described here.

  4. Open the Adobe Experience Manager Web Console Configuration at yourServer/system/console/configMgr, where yourServer is the name of your server.

  5. Configure the Adobe Granite SAML 2.0 Authentication Handler as follows:

    • IDP URL: Copy and paste the following:

      Sign in to the Okta Admin Dashboard to generate this variable.

    • IDP Certificate Alias: Enter the certificate alias you noted in step 3.

    • Service Provider Entity ID: Enter the URL of your server.

    • UserID Attribute: Enter uid.

    • Click Save.

  6. Configure Apache Sling Referrer Filter as follows:

    • Check Allow Empty.

    • Allow Hosts: Enter yourSubDomain.okta.com.

    • Click Save.

  7. Done!
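
The values entered in steps 5 and 6 can be checked after they are exported from the instance. The following Python check is an added example, not Okta's or Adobe's code. It assumes the OSGi property names idpUrl, idpCertAlias, serviceProviderEntityId, userIDAttribute, allow.empty and allow.hosts (verify them against your AEM version), and the sample values are constructed placeholders.

```python
from urllib.parse import urlparse

# Constructed sample values; the IdP URL path and alias are placeholders,
# not a real Okta application URL or TrustStore alias.
SAML_HANDLER = {
    "idpUrl": "https://yourSubDomain.okta.com/app/PLACEHOLDER/sso/saml",
    "idpCertAlias": "certalias___PLACEHOLDER",
    "serviceProviderEntityId": "https://yourServer",
    "userIDAttribute": "uid",
}
REFERRER_FILTER = {"allow.empty": True, "allow.hosts": ["yourSubDomain.okta.com"]}


def audit(saml, referrer, okta_host):
    """Return a list of deviations from steps 5 and 6 of this guide."""
    findings = []
    okta = okta_host.lower()
    idp = urlparse(saml.get("idpUrl", ""))
    if idp.scheme != "https":
        findings.append("idpUrl is not HTTPS")
    if (idp.hostname or "").lower() != okta:
        findings.append("idpUrl host is not the Okta org host")
    if not saml.get("idpCertAlias", "").strip():
        findings.append("idpCertAlias is empty; step 3 alias not set")
    if not saml.get("serviceProviderEntityId", "").strip():
        findings.append("serviceProviderEntityId is empty")
    if saml.get("userIDAttribute") != "uid":
        findings.append("userIDAttribute is not 'uid'")
    if referrer.get("allow.empty") is not True:
        findings.append("allow.empty is not checked")
    hosts = [h.lower() for h in referrer.get("allow.hosts", [])]
    if okta not in hosts:
        findings.append("Okta host missing from allow.hosts")
    # Every extra entry widens which sites may send modifying requests to AEM.
    for extra in sorted(set(hosts) - {okta}):
        findings.append(f"unexpected allow.hosts entry: {extra}")
    return findings


if __name__ == "__main__":
    result = audit(SAML_HANDLER, REFERRER_FILTER, "yourSubDomain.okta.com")
    for line in result or ["OK: matches steps 5 and 6"]:
        print(line)
```

An empty result means the exported settings match the guide; any entry names the field to review in the Web Console.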


Notes


SP-initiated SSO

Open the Service Provider Entity ID URL you entered in step 5.