Hi All,
I'm configuring SAML 2.0 for Publish in AEM as a Cloud Service.
However, SAML is not working as expected in the Preview tier.
Where is the problem?
I am referring to the following documentation:
https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/authentication/sam...
The Publish tier is working as expected.
After authenticating with the IdP, users are redirected to /saml_login on Publish:
publish-xxxx.adobeaemcloud.com/saml_login
During the saml_login process, a "login-token" cookie is issued, and users can then view the website.
On the Preview tier, users are also redirected to the IdP, and after authenticating, they are redirected to /saml_login on Preview:
preview-xxxx.adobeaemcloud.com/saml_login
However, no "login token" cookies are issued, and the user is redirected back to the IdP URL again.
/saml_login → IdP Login → /saml_login → IdP Login → (infinite loop)
• "login-token" cookie is not issued on the Preview tier.
• This results in an infinite loop.
Where is the problem?
To identify the cause, I tried changing several settings.
The difference between the Publish and Preview configurations is controlled by environment variables,
so I tried intentionally using an incorrect value for the Preview tier’s "idpCertAlias."
However, the result remained an infinite loop with no noticeable change.
Normally, if "idpCertAlias" is set to an incorrect value, an invalid_token error should occur.
This suggests that on the Preview tier, the certificate might not be referenced at all, leading to the infinite loop.
I followed the setup guide and steps to use Package Manager to replicate the global trust store to the Publish tier, but am I correct in assuming this applies to the Preview tier as well?
Thanks,
Saito.
