Expand my Community achievements bar.

AEM SAML Authentication not working on new site

Avatar

Level 4


We created a new site and configured the SAML in configMgr.

The path of the new site is "/content/site2/us/en/voice". The new site path and serviceProviderEntityId are added to the new SAML config.
We don't want to configure "Authentication Requirement" or "Closed User Group" in the new site properties path as we want all the AD users should access the new site.
In the new site when hit the URL it just renders the page instead of redirecting to idp.

 

 

SAML integration with AzureAD is working in the existing site.
Also in the existing site page properties I didn't see any "Authentication Requirement" or "Closed User Group" configured.
when we hit the existing site URL it automatically redirects to AD and shows the AD login screen, once passed the credentials it redirects the page based on the redirectURL configured in AD.


Am I missing anything? Advance thanks for your answers & recommendations.

 

5 Replies

Avatar

Level 4
Also there is no logs captured. I configured the log for com.adobe.granite.auth.saml package as well.

Avatar

Level 9

Hello,

 

Did you configure your next site under same domain or using separate domain??

 

Thanks,

Pawan

Avatar

Level 4

same subdomain. moving forward it will be a new subdomain.

 

Even I replace the new site path in the existing site SAML2.0 Authentication Handler config. Still no luck

Avatar

Level 4
Thanks Pawan for your time, It works now after adding the path in "Authentication Requirements" field of "Apache Sling Authentication Service" config. Still I didn't understand how the existing site doing the SSO, because I didn't see existing site path in this config. Would the existing site path be configured some where else?

Avatar

Level 4

Also found in the below blog that this is the default behavior of publish and we need to add the path in (org.apache.sling.engine.impl.auth.SlingAuthenticator.xml) config

https://www.bounteous.com/insights/2018/09/24/single-sign-sso-integration-okta-aem-63/#troubleshooti...

 

When I check my SlingAuthenticator.xml there is no existing site path entry in the config.