AEM 6.2 SSO (SAML) Integration

Question

I'm trying to integrate a SSO SAML provider into a local AEM instance for testing. First I tried this article: https://helpx.adobe.com/experience-manager/kb/simple-saml-demo.html , when starting the AEM, user is redirected to the ssocircle login page, but after the login, it stucks in an infinite recaptcha page redirects. So i assumed that the article and setup was for AEM 6. I went next to this article: http://www.aemstuff.com/blogs/july/saml.html which looks promising for AEM 6.1 and probably 6.2. In that article the identity provider has 'blogsaml.com' as it's host name. I couldn't find any provider under this domain. my questions are:

1- How can i get rid of the recaptcha loop, and get back to AEM after the login in open circle?

2- is there the possibility to get a "IdP certificate" from ssocircle? (and what exactly is this cert?)

3- is there any other free to use / try sso provider that could be used with AEM?

4- any other tutorials/ articles for integrating a free sso in AEM is welcomed.

Answer 1

We get AEM 6.2 with an SSO Circle Pro account running.

Key changes from the setup in https://helpx.adobe.com/experience-manager/kb/simple-saml-demo.html and http://www.aemstuff.com/blogs/july/saml.html were:

using the old certificate from SSO Circle: https://www.ssocircle.com/en/public-idp-configuration-deprecated/

Apache Sling Service User Mapper Service Amendment :"com.adobe.granite.auth.saml=authentication-service"

Making sure the authentication-service has all read/write permissions. and setting the default group to 'contributor' in the SAML 2 configMgr instead of "administrators" from the config package from the first adobe docs link.