SAML Configuration on 6.5
See Adobe Help for detailed procedure: SAML 2.0 Authentication Handler
Configuration
The IDP is provided and managed by Middleware Services
For example, if using PROD cert: Download the IdP certificate here and follow these stpes:
-
Upload the certificate to the Global Truststore at
/libs/granite/security/content/truststore.html- Under "Add Certificate from CER file", select the certificate -- the PEM format is fine.
- Do not fill in the "Map Certificate To User" box.
- Click "Submit"
- When uploaded, a new certalias entry will appear as a file with the current timestamp, ex:
certalias___1552540115194
-
Search for "SAML" in the Web Console Configuration page (
/system/console/configMgr)- IDP URL: https://login.vt.edu/profile/SAML2/POST/SSO
- Replace the
IDP Certificate Aliaswith the certalias from above. - Click "Save" button.
- Next, search for "CORS" in the Web Console Configuration page (
/system/console/configMgr) and fill it as shown below:
- Click "Save" button.
Configure a Logger for SAML
You can set up a Logger in order to debug any issues that might arise from misconfiguring SAML. You can do this by:
- Going to the Web Console, at
/system/console/configMgr - Search for and click on the entry called
Apache Sling Logging Logger Configuration -
Create a logger with the following configuration:
- Log Level:
Debug - Log File:
logs/saml.log - Logger:
com.adobe.granite.auth.saml
- Log Level: