Upload multiple certificates on AEM 6.4 publisher | Community
December 6, 2021
Solved

Upload multiple certificates on AEM 6.4 publisher


Hi,

We have a few gated applications with SAML authentication and Okta as the IdP platform.

 

On Okta, we have created a certificate for one gated application and uploaded it to AEM. All the functionalities are working as expected for that gated application.

Whenever we try to log in to the other gated applications, it redirects us to /error/404.html.

Looks like one certificate will work for only one application. We can create multiple certificates on Okta, but on AEM we are unable to upload more than one certificate. If we try to upload a new certificate, it overrides the old one and gives us the new cert_alias name.

 

How can we upload multiple certificates to the publisher?

 

Also, we are seeing the below error in the saml.log:

01.12.2021 10:56:44.366 *INFO* [qtp2145671214-11099] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: invalid_token detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=invalid_token

Solutions tried / observations:

1. serviceProviderEntityId and the audience value returned are the same

2. /libs/granite/csrf/token.json returns null after login
      a. Dispatcher rules are verified and look good

3. login-token is not generated after login

4. Apache Sling Referrer Filter - allowed IDP host and methods

Any pointers would be appreciated.
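Added example, not part of the original post and not Adobe's code: a small Python triage script for the saml.log line format quoted above, grouping SamlAuthenticationHandler rejections by reason with a count and first/last timestamp. The function name and every sample line except the first (which is the line from the post) are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout of the saml.log line quoted in the post:
#   <dd.mm.yyyy HH:MM:SS.mmm> *LEVEL* [thread] <logger> <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"\*(?P<level>[A-Z]+)\* \[(?P<thread>[^\]]+)\] (?P<logger>\S+) (?P<msg>.*)$"
)
# Message text written when the handler rejects a login, as seen in the post.
REASON_RE = re.compile(
    r"SAML error with reason: (?P<reason>\S+) detected, redirect user to: (?P<target>\S+)"
)

# Line 1 is the line from the post; lines 2-4 are constructed sample input.
SAMPLE_LOG = [
    "01.12.2021 10:56:44.366 *INFO* [qtp2145671214-11099] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: invalid_token detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=invalid_token",
    "01.12.2021 10:57:02.101 *DEBUG* [qtp2145671214-11100] com.example.constructed.SampleLogger unrelated constructed message",
    "\tat com.example.constructed.SampleLogger.run(SampleLogger.java:1)",
    "01.12.2021 11:03:10.020 *INFO* [qtp2145671214-11101] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: invalid_token detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=invalid_token",
]

def summarize_saml_failures(lines):
    """Group rejected SAML logins by reason: count, first/last seen, log levels."""
    summary = defaultdict(lambda: {"count": 0, "first": None, "last": None, "levels": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # continuation line (e.g. stack trace) or another format
        r = REASON_RE.search(m["msg"])
        if not r:
            continue  # well-formed line, but not a SAML rejection
        ts = datetime.strptime(m["ts"], "%d.%m.%Y %H:%M:%S.%f")
        entry = summary[r["reason"]]
        entry["count"] += 1
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
        entry["levels"].add(m["level"])  # record the level the rejection was logged at
    return dict(summary)

if __name__ == "__main__":
    for reason, e in summarize_saml_failures(SAMPLE_LOG).items():
        print(reason, e["count"], e["first"], e["last"], sorted(e["levels"]))
```

The rejection in the post is written at *INFO*, so a search of saml.log restricted to WARN or ERROR entries would not surface it; the script matches on the message text instead.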

 

1 reply

Jineet_Vora
Community Advisor and Adobe Champion
Accepted solution
February 20, 2022

Hi @sandhya1, if the CN, which is the Common Name of the certificate, is the same for both the applications, then AEM will override the previously uploaded certificate and create a new certificate alias.

I remember such an issue, which happened in one of the previous organisations I worked for; we contacted an Okta consultant and they were able to resolve the issue. It is probably their certificate which needs to handle multiple apps configured on the same IP/machine. Please reach out to them (if not already) and they shall be able to resolve this issue.

- Jineet