AEM 6.1 Single-Sign-On(SSO) with OKTA



What problem we are solving?

Configure AEM6.1 to allow authors to login to /projects.html using OKTA.

What's done?

Configured AEM6.1 author per the steps specified in the document-

Have we done OKTA integration with AEM6.1?

Yes; it's working in our Production environment; we created new test environment from scratch, OKTA SSO not working for the new author environment.

Issues we are facing: Not able to login to author using our network username & password.

  • CQ Author level:
    • Server logs:
      • 05.07.2017 23:30:45.683 *WARN* [qtp535806943-32583] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.

      • 05.07.2017 23:32:03.085 *WARN* [qtp535806943-31835] com.adobe.granite.auth.saml.SamlAuthenticationHandler Could not retrieve SP's private key: Uninitialised key store for user authentication-service


  • What could be causing above errors? How to resolve them?
  • Any known SSO bug with AEM 6.1?

Accepted Solutions (1)

Accepted Solutions (1)

Answers (1)

Answers (1)



Hi Guru,

   None of the log message you mentioned is nothing to worry about.  Issue sounds to be different that saml.

Enable debug on   com.adobe.granite.auth.saml.SamlAuthenticationHandler and then repeat the test case and send us logs, osgi config snapshot and har file.  Generating HAR files and Analyzing Web Requests - Atlassian Documentation