After logging in IDP through SAML auth IDP POST to /saml_login URL returns 403 response
New Participant
March 8, 2023
Solved

SAML Authentication configured by following this guide:

https://wttech.blog/blog/2019/how-to-setup-aem-publish-saml-authentication-using-okta

and after logging in at the IDP, the POST request to the configured URL returns unauthorized 403.

http://aem-publish-host/content/......./login.html

Dispatcher has a filter configured to allow POST requests on the given path:

/0053 { /type "allow" /method "POST" /url "*/login.html" } # allow post for SAML

What other options are there to investigate?

Thanks

2 replies

New Participant
March 8, 2023

The 403 issues can be triggered when the Referrer Filter rejects the request; you may need to configure the Referrer Filter based on the IDP configurations.

Refer to Exceptions/Issues while configuring SAML Authentication Handler - Adobe Experience Manager(AEM) (albinsblog.com) for more details.

Regards

Albin

https://www.albinsblog.com

 

andrija_sm (Author, Accepted solution)
New Participant
March 8, 2023

Thanks, I've added "Allow Empty" referrer according to the link you kindly provided. This cleared the 403 error.

However now - accessing login.html enters into a loop of constantly redirecting to sso/saml IDP login page.

There is nothing in SAML logs:

08.03.2023 15:40:22.581 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: pid=com.adobe.granite.auth.saml.SamlAuthenticationHandler.f94668b4-8ce0-483a-98d0-46025b2c2cd6)] com.adobe.granite.auth.saml Service [com.adobe.granite.auth.saml.SamlAuthenticationHandler.f94668b4-8ce0-483a-98d0-46025b2c2cd6,80376, [org.apache.sling.auth.core.spi.AuthenticationHandler]] ServiceEvent REGISTERED
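
The Referrer Filter behaviour discussed in the two posts above, as an added example that is not part of the thread or of AEM's code: a simplified model of the Apache Sling Referrer Filter decision, comparing "Allow Empty" (`allow.empty`) with listing the IdP host in `allow.hosts`. The host name idp.example.com and all sample requests are constructed, and the model covers only the missing-header and host allow-list checks.

```python
from urllib.parse import urlsplit

# Keys mirror OSGi properties of the Apache Sling Referrer Filter.
METHODS = ["POST", "PUT", "DELETE"]
ALLOW_EMPTY_CFG = {"allow.empty": True, "allow.hosts": [], "filter.methods": METHODS}
# idp.example.com is a constructed placeholder for the IdP host name.
ALLOW_IDP_CFG = {"allow.empty": False, "allow.hosts": ["idp.example.com"],
                 "filter.methods": METHODS}

def referrer_allowed(method, referer, own_host, cfg):
    """Simplified model of the filter decision for one request."""
    if method.upper() not in cfg["filter.methods"]:
        return True                    # only the listed methods are checked
    if not referer:
        return cfg["allow.empty"]      # missing or empty Referer header
    host = (urlsplit(referer).hostname or "").lower()
    if not host:
        return False                   # non-absolute value: outside this model, rejected
    allowed = {own_host.lower()} | {h.lower() for h in cfg["allow.hosts"]}
    return host in allowed

# Constructed sample requests: (label, method, Referer header or None).
SAMPLES = [
    ("IdP POST, Referer sent", "POST", "https://idp.example.com/app/sso/saml"),
    ("IdP POST, Referer stripped", "POST", None),
    ("same-site form POST", "POST", "https://aem-publish-host/content/site/form.html"),
    ("other-site POST, Referer sent", "POST", "https://other.example.net/page"),
    ("page view", "GET", None),
]

def evaluate(cfg, own_host="aem-publish-host"):
    """Return {label: allowed?} for every sample under one configuration."""
    return {label: referrer_allowed(m, r, own_host, cfg) for label, m, r in SAMPLES}

if __name__ == "__main__":
    for name, cfg in (("allow.empty", ALLOW_EMPTY_CFG), ("allow.hosts", ALLOW_IDP_CFG)):
        print(name)
        for label, ok in evaluate(cfg).items():
            print(f"  {'pass' if ok else '403 '}  {label}")
```

In this model `allow.empty` passes every POST that arrives without a Referer header, not only the IdP's, so it is worth checking which Referer the IdP response actually carries before choosing between the two settings.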

 

arunpatidar
New Participant
March 8, 2023
New Participant
March 8, 2023

Thanks Arun, for the quick reply. Unfortunately no new information on that resource.