AEM cloud | Azure SSO SAML login failure

Level 2

Hi Folks,

I am integrating Azure SSO on an AEMaaCS publish instance.

After completing all the setup, I am getting one last exception:

*ERROR* [FelixLogListener] LogService.org.apache.felix.http.jetty Exception while processing request to /saml_login (org.apache.felix.log.LogException: java.lang.SecurityException: javax.jcr.PathNotFoundException: keystorePassword not found on /etc/truststore)

All changes such as the dispatcher, SAML authentication handler, referrer filter and Sling auth configurations etc. are done as required. I installed and exported the certificate package from a local AEM instance and deployed it as part of the Cloud Manager pipeline.

Could you please help me resolve this issue on the cloud publish instance? Appreciate the help.

Thanks,

Pradeep

8 Replies

Level 2

Hi,

Those issues/solutions were identified either on-prem or on AMS, where an admin user can directly upload the certificates manually and create a truststore or keystore. We are using cloud.

I think the issue could be that the keystore (in my case it is the truststore) password is not the same as what I used locally when creating the truststore. Or is it a permission issue with the group the user is added to after successful authentication?

Level 4

Hi, you can follow the steps below:

  • Navigate to Tools > Security > Users on author. Look for the “authentication-service” user.
  • In the Keystore tab, click “Create Keystore” and set a password.
  • Save the changes for the user and activate.
  • Navigate to Tools > Deployment > Distribution and open the Publish configuration.
    In the Distribute tab, select the path “/etc/truststore”, select “Add tree” and replicate.

In the SAML config file: "keyStorePassword": ""
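The steps above end with a keyStorePassword value in the SAML handler's OSGi configuration. What follows is an added example, not code from this thread or from Adobe: a small check for AEMaaCS .cfg.json files that flags a literal keystore password, an $[env:...] placeholder or an instance-encrypted {...} value, and accepts either an empty password (as in the steps above) or a $[secret:...] placeholder, which AEMaaCS resolves at runtime from a Cloud Manager secret environment variable. The two sample configurations, the secret variable name SAML_KEYSTORE_PASSWORD and the idea of keeping a per-PID list of sensitive keys are constructed for the example; only keyStorePassword comes from the thread.

```python
"""Lint AEMaaCS OSGi .cfg.json files for hard-coded SAML keystore passwords.

Added example for the thread above; not code from the original post or from
Adobe. The sample configs, the secret name and the SENSITIVE_KEYS list are
assumptions made for illustration.
"""
import json
import re

# AEMaaCS resolves $[secret:NAME] at runtime from a Cloud Manager secret
# environment variable and $[env:NAME] from a non-secret one. Only the first
# form keeps the value out of source control and out of the visible config.
SECRET_REF = re.compile(r"^\$\[secret:[A-Za-z_][A-Za-z0-9_]*\]$")
ENV_REF = re.compile(r"^\$\[env:[A-Za-z_][A-Za-z0-9_]*\]$")

# OSGi properties that must never carry a literal value in a code package.
# keyStorePassword is the SAML handler property discussed in the thread.
SENSITIVE_KEYS = {"keyStorePassword"}


def classify_secret_value(value):
    """Return None when the value is acceptable, otherwise a short finding."""
    if not isinstance(value, str):
        return "non-string value"
    if value == "":
        return None  # keystore created without a password, as in the steps above
    if SECRET_REF.match(value):
        return None  # resolved from a Cloud Manager secret at runtime
    if ENV_REF.match(value):
        return "uses $[env:...]; a password belongs in $[secret:...]"
    if value.startswith("{") and value.endswith("}"):
        # CryptoSupport-protected strings are wrapped in braces and are tied to
        # the crypto key of the instance that encrypted them, so a value copied
        # from a local instance does not decrypt on a cloud environment.
        return "instance-encrypted value copied from another instance"
    return "plain-text password committed to source control"


def lint_config(cfg_json_text):
    """Parse one .cfg.json document and return a list of findings (empty = clean)."""
    cfg = json.loads(cfg_json_text)
    findings = []
    for key, value in cfg.items():
        if key in SENSITIVE_KEYS:
            problem = classify_secret_value(value)
            if problem:
                findings.append(f"{key}: {problem}")
    return findings


# Constructed sample: the weak form, with the password pasted in as a literal.
WEAK_CFG = json.dumps({
    "path": "/",
    "idpUrl": "https://login.microsoftonline.com/<tenant-id>/saml2",
    "idpCertAlias": "azure-idp",
    "serviceProviderEntityId": "https://publish.example.com",
    "keyStorePassword": "admin123",
    "userIDAttribute": "email",
    "createUser": True,
    "defaultGroups": ["sso-users"],
})

# Constructed sample: the corrected form, referencing a secret environment
# variable named SAML_KEYSTORE_PASSWORD (name is an assumption).
FIXED_CFG = json.dumps({
    "path": "/",
    "idpUrl": "https://login.microsoftonline.com/<tenant-id>/saml2",
    "idpCertAlias": "azure-idp",
    "serviceProviderEntityId": "https://publish.example.com",
    "keyStorePassword": "$[secret:SAML_KEYSTORE_PASSWORD]",
    "userIDAttribute": "email",
    "createUser": True,
    "defaultGroups": ["sso-users"],
})


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CFG), ("fixed", FIXED_CFG)):
        print(name, lint_config(text) or "clean")
```

Run it over the files under ui.config/.../osgiconfig/config.publish/ before the Cloud Manager pipeline picks them up; the secret itself is set per environment in Cloud Manager, so the same config file can ship to every environment without carrying any environment's password.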

Level 2

After following all the steps, I am seeing the exception below in the cloud publish aemerror log:

LogService.org.apache.felix.http.jetty Exception while processing request to /saml_login (org.apache.felix.log.LogException: java.lang.SecurityException: com.adobe.granite.crypto.CryptoException: Cannot convert byte data)

Employee

@pradeepdubey, could you please try removing the "keystore" node under /home/users/system/.... and recreating the keystore?

Level 2

In the cloud environment CRX/DE access is disabled. Also, the Developer Console repository browser does not allow anything to be deleted; it is read-only.