AEM 6.1 Single-Sign-On(SSO) with OKTA

gurub46428210 10-07-2017

What problem we are solving?

Configure AEM6.1 to allow authors to login to /projects.html using OKTA.

What's done?

Configured AEM6.1 author per the steps specified in the document-

Have we done OKTA integration with AEM6.1?

Yes; it's working in our Production environment; we created new test environment from scratch, OKTA SSO not working for the new author environment.

Issues we are facing: Not able to login to author using our network username & password.

  • CQ Author level:
    • Server logs:
      • 05.07.2017 23:30:45.683 *WARN* [qtp535806943-32583] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.

      • 05.07.2017 23:32:03.085 *WARN* [qtp535806943-31835] com.adobe.granite.auth.saml.SamlAuthenticationHandler Could not retrieve SP's private key: Uninitialised key store for user authentication-service


  • What could be causing above errors? How to resolve them?
  • Any known SSO bug with AEM 6.1?

Accepted Solutions (1)

Accepted Solutions (1)

Answers (1)

Answers (1)

MC_Stuff 11-07-2017

Hi Guru,

   None of the log message you mentioned is nothing to worry about.  Issue sounds to be different that saml.

Enable debug on   com.adobe.granite.auth.saml.SamlAuthenticationHandler and then repeat the test case and send us logs, osgi config snapshot and har file.  Generating HAR files and Analyzing Web Requests - Atlassian Documentation