AEM SAML Authentication not working on new site

saibul
Level 4


We created a new site and configured the SAML in configMgr.

The path of the new site is "/content/site2/us/en/voice". The new site path and serviceProviderEntityId are added to the new SAML config.
We don't want to configure "Authentication Requirement" or "Closed User Group" in the new site properties path, as we want all the AD users to be able to access the new site.
In the new site, when we hit the URL, it just renders the page instead of redirecting to the IdP.

SAML integration with AzureAD is working in the existing site.
Also, in the existing site page properties I didn't see any "Authentication Requirement" or "Closed User Group" configured.
When we hit the existing site URL, it automatically redirects to AD and shows the AD login screen; once the credentials are passed, it redirects the page based on the redirectURL configured in AD.


Am I missing anything? Thanks in advance for your answers & recommendations.

5 Replies
saibul
Level 4
Also, there are no logs captured. I configured the log for the com.adobe.granite.auth.saml package as well.
Pawan_Gupta_
Community Advisor

Hello,

Did you configure your next site under the same domain or using a separate domain?

Thanks,

Pawan

saibul
Level 4

Same subdomain. Moving forward, it will be a new subdomain.

Even when I replace the new site path in the existing site's SAML2.0 Authentication Handler config, still no luck.

saibul
Level 4
Thanks, Pawan, for your time. It works now after adding the path in the "Authentication Requirements" field of the "Apache Sling Authentication Service" config. I still didn't understand how the existing site is doing the SSO, because I didn't see the existing site path in this config. Would the existing site path be configured somewhere else?
saibul
Level 4

I also found in the blog below that this is the default behavior of publish and we need to add the path in the (org.apache.sling.engine.impl.auth.SlingAuthenticator.xml) config.

https://www.bounteous.com/insights/2018/09/24/single-sign-sso-integration-okta-aem-63/#troubleshooti...

When I check my SlingAuthenticator.xml, there is no existing site path entry in the config.
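
The path check discussed in this thread, as an added example (a simplified model, not Adobe's or Apache Sling's code and not posted by any participant): it shows why a page renders anonymously until its path appears in "Authentication Requirements". Assumptions: entries carry a `+` (required) or `-` (not required) prefix, the longest matching path wins, anonymous access is the publish default, and the `/public` sub-path is constructed for illustration.

```python
from typing import List, Tuple


def parse_requirements(entries: List[str]) -> List[Tuple[str, bool]]:
    """Turn '+/path', '-/path' or '/path' into (path, auth_required) pairs."""
    parsed = []
    for entry in (e.strip() for e in entries):
        if not entry:
            continue
        if entry[0] in "+-":
            parsed.append((entry[1:], entry[0] == "+"))
        else:
            parsed.append((entry, True))  # no prefix is treated like '+'
    # Most specific (longest) path first, so it wins over broader entries.
    parsed.sort(key=lambda item: len(item[0]), reverse=True)
    return parsed


def _covers(prefix: str, path: str) -> bool:
    """True when prefix matches path on a segment or extension boundary."""
    if not path.startswith(prefix):
        return False
    if len(path) == len(prefix) or prefix.endswith("/"):
        return True
    return path[len(prefix)] in "/."


def auth_required(path: str, entries: List[str],
                  allow_anonymous: bool = True) -> bool:
    """Decide whether a request path must be authenticated.

    allow_anonymous=True models the publish default assumed above: with no
    matching entry the page is served and no handler (SAML) is triggered.
    """
    for prefix, required in parse_requirements(entries):
        if _covers(prefix, path):
            return required
    return not allow_anonymous


# Constructed sample data based on the site path from the question.
NEW_SITE = "/content/site2/us/en/voice"
BEFORE = []                      # new site path not listed anywhere
AFTER = ["+" + NEW_SITE]         # path added to Authentication Requirements
WITH_EXCLUSION = AFTER + ["-" + NEW_SITE + "/public"]  # hypothetical carve-out

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, auth_required(NEW_SITE + ".html", cfg))
```

A `+` entry on a broad parent path makes every page below it require login, so review `-` exclusions for pages that must stay public before widening the path.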