Hello Guys, I am trying to implement SAML integration with AEM 6.4. I have followed most of the steps mentioned in the link https://helpx.adobe.com/experience-manager/using/aem63_saml.html [1]. Below are the steps I did.
1. Created an SSOCircle account as mentioned in [1].
2. Configured KeyStore & Truststore as in [1].
3. Modified SAML 2.0 Handler and Referrer filter configuration as mentioned in [1].
4. Modified "Apache Sling Authentication Service" configuration to have authentication for the below paths:
+/content
+/etc/designs
+/libs/granite/oauth/content/authorization
5. Modified "Apache Sling Authentication Service" configuration to uncheck the checkbox against "Allow Anonymous Access".
6. Modified "Day CQ Root Mapping" configuration to point to my application's home page (/content/<myapps>/homepage.html).
7. Added a logout link to my page header: <a href="https://forums.adobe.com/system/sling/logout">
When I accessed my page for the first time, I was taken to the SSO Circle login page, I entered the credentials and was taken to my application's home page. On clicking logout, I was taken to the SSO Circle login page.
After that, whenever I try to log in again, it always takes me to /system/sling/logout and further to the SSO Circle logout page (https://idp.ssocircle.com/sso/UI/Logout).
Can someone guide me on what I am missing or what I have done wrong in integrating AEM with SAML?
My requirement is: whenever the user clicks the logout button, he should be taken back to the IDP login page. He should be able to see my protected pages only after entering the credentials again. (Even on clicking the browser back button, he should be taken to the IDP login page.)
Note: Please let me know if any more details are required.
Sling logout works by calling dropCredentials() on all registered handlers *matching the request path*. See [1] for example implementation.
This means that the LOGIN-RESOURCE attribute needs to be set to a path registered by the respective handler (i.e. http://localhost:4502/system/sling/logout?resource=/content/geometrixx/en)
If the resource parameter is not set, then / is assumed, and only root-level authentication handlers will handle the logout.
See (1) and (2) for more information
[1] : https://github.com/Adobe-Consulting-Services/acs-aem-commons/blob/master/bundle/src/main/java/com/ad...saml/impl/OktaLogoutHandler.java
Hello Kunwar, so from the steps that I have mentioned above, the only thing I am missing is adding the resource parameter to the logout URL?
http://localhost:4502/system/sling/logout?resource=/content/geometrixx/en
Yes. If you are extending the SAML auth handler, then you need to do a bit extra, as I mentioned above.
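A simplified model of the path matching described in the accepted answer, added here as an example and not taken from the thread, Sling, or ACS AEM Commons. It audits logout links to find those whose logout would never reach a given handler's dropCredentials(). The handler names and registered paths are constructed assumptions, and the segment-boundary prefix match is a simplification of how Sling selects handlers.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed registrations (assumption): handler name -> registered "path".
HANDLERS = {
    "token-handler": "/",
    "saml-handler": "/content",
}

def login_resource(logout_url):
    """Return the 'resource' parameter of a logout URL, or '/' if it is absent."""
    query = parse_qs(urlsplit(logout_url).query)
    value = query.get("resource", [""])[0]
    return value if value.startswith("/") else "/"

def path_matches(handler_path, resource):
    """Simplified model: handler path must be a prefix on a segment boundary."""
    if handler_path == "/":
        return True  # root-level handlers match every resource
    base = handler_path.rstrip("/")
    return resource == base or resource.startswith(base + "/")

def handlers_dropping_credentials(logout_url, handlers=HANDLERS):
    """Names of the handlers whose dropCredentials() the logout would reach."""
    resource = login_resource(logout_url)
    return sorted(n for n, p in handlers.items() if path_matches(p, resource))

def audit_logout_links(links, required_handler, handlers=HANDLERS):
    """Return the links whose logout would NOT reach the required handler."""
    return [u for u in links
            if required_handler not in handlers_dropping_credentials(u, handlers)]

# Constructed sample links; the second one is the form given in the answer.
SAMPLE_LINKS = [
    "http://localhost:4502/system/sling/logout",
    "http://localhost:4502/system/sling/logout?resource=/content/geometrixx/en",
    "http://localhost:4502/system/sling/logout?resource=/contentfoo",
]

if __name__ == "__main__":
    for url in SAMPLE_LINKS:
        print(url, "->", handlers_dropping_credentials(url))
    print("misses saml-handler:", audit_logout_links(SAMPLE_LINKS, "saml-handler"))
```

Replace HANDLERS with the paths actually configured on the instance before relying on the audit result.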