Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!

AEM SAML Authentication not working on new site

Avatar

Level 4
Level 4
12/31/20 5:46:56 AM


We created a new site and configured the SAML in configMgr.

The path of the new site is "/content/site2/us/en/voice". The new site path and serviceProviderEntityId are added to the new SAML config.
We don't want to configure "Authentication Requirement" or "Closed User Group" in the new site properties path as we want all the AD users should access the new site.
In the new site when hit the URL it just renders the page instead of redirecting to idp.

 

 

SAML integration with AzureAD is working in the existing site.
Also in the existing site page properties I didn't see any "Authentication Requirement" or "Closed User Group" configured.
when we hit the existing site URL it automatically redirects to AD and shows the AD login screen, once passed the credentials it redirects the page based on the redirectURL configured in AD.


Am I missing anything? Advance thanks for your answers & recommendations.

 

Views

1.8K

Replies

5
Sign in to like this content

Total Likes

Translate
Translate
5 Replies

Avatar

Level 4
Level 4
12/31/20 5:49:38 AM
Also there is no logs captured. I configured the log for com.adobe.granite.auth.saml package as well.

Views

1.8K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 9
Level 9
12/31/20 1:22:41 PM

Hello,

 

Did you configure your next site under same domain or using separate domain??

 

Thanks,

Pawan

Views

1.8K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 4
Level 4
12/31/20 7:17:26 PM
In response to Pawan-Gupta

same subdomain. moving forward it will be a new subdomain.

 

Even I replace the new site path in the existing site SAML2.0 Authentication Handler config. Still no luck

Views

1.8K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 4
Level 4
12/31/20 8:28:36 PM
In response to Pawan-Gupta
Thanks Pawan for your time, It works now after adding the path in "Authentication Requirements" field of "Apache Sling Authentication Service" config. Still I didn't understand how the existing site doing the SSO, because I didn't see existing site path in this config. Would the existing site path be configured some where else?

Views

1.8K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 4
Level 4
12/31/20 7:19:55 PM

Also found in the below blog that this is the default behavior of publish and we need to add the path in (org.apache.sling.engine.impl.auth.SlingAuthenticator.xml) config

https://www.bounteous.com/insights/2018/09/24/single-sign-sso-integration-okta-aem-63/#troubleshooti...

 

When I check my SlingAuthenticator.xml there is no existing site path entry in the config. 

 

 

Views

1.8K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
AEM session management and user access

Views

16

Likes

0

Replies

2
AEM Clud migration: Strategy to reduce ACS AEM Commons dependency

Views

55

Likes

0

Replies

1
How to mask the image in AEM?

Views

85

Likes

0

Replies

3
On asset reupload metadata is not getting updated with correct values.

Views

60

Likes

0

Replies

1
Pipeline-free URL Redirects is not working in AEM Cloud Dispatcher

Views

127

Likes

0

Replies

5