Hi,
I am working on AEM 5.6 SAML integration and I have configured all the details as per the wiki page.
At present, I am getting redirected to the IdP and after authentication I am being returned to the AEM instance's /saml_login URL with proper SAML assertions, but the user is not getting created as per the SAML component settings...
How do I ensure that the user gets created as per the SAML response? Also, for redirection I have created a saml_login (sling:Folder) node, and SAMLResponse and RelayState are getting modified, but the user is not getting created.
Do I need to update any further settings or create a customHandler to ensure that users are added and the JCR session is created properly?
The link below contains the SAMLResponse, SAML configuration and /saml_login page for reference.
https://www.dropbox.com/sh/wgl04x6jy8wfl8w/AAD4fwlmPVVR3IVMKpFQhljya?dl=0
Any suggestions will be appreciated. Do let me know in case more details are required.
-Amit
You are almost there,
1) Do not create a saml_login node. It is the consumption point.
2) Just make sure the path in the SAML handler (/content/adobedemolab/en) matches the Recipient/Destination from the IdP with saml_login appended, i.e. at the IdP configure it as /content/adobedemolab/en/saml_login
3) The NameID format in the SAML response and the one configured in Felix are not matching.
Believe me, the infinite loop and SAML configuration are a notorious problem and you can't get it corrected in a single go, especially with a first-time integration. I would advise getting official help through a support request.
Sham HC wrote...
You are almost there,
1) Do not create a saml_login node. It is the consumption point.
2) Just make sure the path in the SAML handler (/content/adobedemolab/en) matches the Recipient/Destination from the IdP with saml_login appended, i.e. at the IdP configure it as /content/adobedemolab/en/saml_login
3) The NameID format in the SAML response and the one configured in Felix are not matching.
Believe me, the infinite loop and SAML configuration are a notorious problem and you can't get it corrected in a single go, especially with a first-time integration. I would advise getting official help through a support request.
Hi Sham,
Thanks for the reply. Can you explain what point 3 means and where I can configure this?
I also updated #2 to ensure that /content/adobedemolab/ and /content/adobedemolab/saml_login (Recipient/Destination) match, but then I get the error below...
In case you have any idea about that...
Status: 500
Message: javax.jcr.RepositoryException: org.apache.sling.api.resource.PersistenceException: Resource at '/content/adobedemolab/saml_login.html' is not modifiable.
Location: /content/adobedemolab/saml_login.html
Parent Location: /content/adobedemolab
Path: /content/adobedemolab/saml_login.html
Referer: https://adobe.okta.com/app/template_saml_2_0/k10lz748sOYBOOBRYOKO/sso/saml
It should end with saml_login; find out why .html is appended. Did you file the support request?
Thanks Sham, the URL on the IdP side contained the extension; on removing that I was successfully able to consume the response and authenticate.
A couple more queries related to issues I am facing now:
1) Is it possible to add other properties from the SAMLResponse apart from uid to the CRX user repository in AEM 5.6? I know this is possible with an AEM 6 instance, but is there any configuration for the same in an AEM 5.6 instance? If yes, please share.
2) In case the AEM instance URL contains GET params after "?", the redirect URL set in saml_request_path does not take the "?" into consideration and after the redirect results in a 404 page error. Example below; also check the attached image. Is this something that can be fixed from AEM configuration, or does this issue need to be fixed on the IdP side?
For the case below
https://internal.adobedemo.com/content/adobedemolab/en/demos.htmlt?tags=properties/vision
the redirect cookie is set to:
https://internal.adobedemo.com/content/adobedemolab/en/demos.htmltags=properties/vision
1) Not possible in 5.6. File a support request for an fp to get it backported.
2) It was a bug, fixed in AEM6 SP2.
Hi Sham,
I was working on SAML integration on AEM 6.1 and found that the settings are a bit different from what I have done in AEM 5.6. I have to add keys for the authentication-services user to the keystore and truststore; I have created one query for the same at this link.
Now that I am done with the changes and the keys are detected properly, I am getting a signature length error in the SAML logs (below).
03.04.2015 08:08:00.299 *DEBUG* [qtp1468301140-410] com.adobe.granite.auth.saml.model.Assertion Invalid Assertion: Signature invalid.
03.04.2015 08:08:00.299 *INFO* [qtp1468301140-410] com.adobe.granite.auth.saml.SamlAuthenticationHandler Login failed. SAML token invalid.
03.04.2015 08:08:01.361 *ERROR* [qtp1468301140-413] com.adobe.granite.auth.saml.util.SamlReader Failed validating signature. javax.xml.crypto.dsig.XMLSignatureException: java.security.SignatureException: Signature length not correct: got 256 but was expecting 128
Is this something from the IdP side, or do I have to make some changes in the AEM configuration?
-Amit
For 6.1, post the query in the pre-release forum.
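The thread turns on three things that can be checked on the SAMLResponse itself before touching the AEM handler: the Destination must be the handler path with saml_login appended and no .html extension (points 1 and 2 of the accepted answer, and the 500 on saml_login.html), the NameID Format must match the one configured in Felix (point 3), and, for the "Signature length not correct: got 256 but was expecting 128" error, an RSA PKCS#1 signature is always exactly as long as the signing key's modulus, so a 256-byte signature was produced by a 2048-bit key while the certificate AEM trusts is 1024-bit. The script below is an added example, not code from the thread or from Adobe; it decodes the base64 SAMLResponse a browser POSTs to /saml_login and runs those three checks. The handler URL, the NameID formats, the issuer and the sample responses are constructed for illustration; the signature bytes are dummies, since only their length is being checked, and the SignedInfo element is omitted, so this is not a real signature validation.

```python
"""Pre-flight checks on a SAMLResponse before blaming the AEM SAML handler.

Added example, not part of the original thread. Stdlib only.
"""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Assumed values, mirroring the thread's setup: handler path + "/saml_login".
ACS_URL = "https://internal.adobedemo.com/content/adobedemolab/en/saml_login"
NAMEID_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
NAMEID_UNSPEC = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"


def check_saml_response(saml_response_b64, acs_url, nameid_format, idp_key_bits):
    """Return a list of findings; an empty list means all three checks passed.

    acs_url       -- handler path with saml_login appended, as configured at the IdP
    nameid_format -- NameID format configured for the handler in the Felix console
    idp_key_bits  -- RSA modulus size of the IdP certificate AEM trusts
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    findings = []

    # 1) Destination must equal the consumption point exactly, with no extension.
    dest = root.get("Destination", "")
    if dest != acs_url:
        msg = f"Destination {dest!r} != configured {acs_url!r}"
        if dest.endswith(".html"):
            msg += " (an extension makes AEM resolve it as a page, not the consumption point)"
        findings.append(msg)

    # 2) NameID Format in the assertion must match the handler's configured format.
    nameid = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    if nameid is None:
        findings.append("assertion carries no NameID; AEM cannot derive a user id")
    elif nameid.get("Format") != nameid_format:
        findings.append(f"NameID Format {nameid.get('Format')!r} != configured {nameid_format!r}")

    # 3) An RSA PKCS#1 signature is exactly modulus_bytes long, so the decoded
    #    SignatureValue length tells you the size of the key that actually signed.
    sig = root.find(".//ds:SignatureValue", NS)
    if sig is None or not (sig.text or "").strip():
        findings.append("response is not signed")
    else:
        sig_len = len(base64.b64decode("".join(sig.text.split())))
        expected = idp_key_bits // 8
        if sig_len != expected:
            findings.append(
                f"signature is {sig_len} bytes but the trusted {idp_key_bits}-bit IdP "
                f"certificate verifies {expected}-byte signatures: the IdP signed with a "
                f"{sig_len * 8}-bit key, so the certificate in the truststore is stale or wrong"
            )
    return findings


def make_response(destination, nameid_format, signature):
    """Build a constructed, minimal SAMLResponse and return it base64-encoded.

    The signature bytes are dummies and SignedInfo is omitted: this is a length
    check, not a cryptographic validation.
    """
    xml = (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'ID="_r1" Version="2.0" IssueInstant="2015-04-03T08:08:00Z" Destination="{destination}">'
        "<saml:Issuer>https://idp.example.com/saml</saml:Issuer>"
        '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
        '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2015-04-03T08:08:00Z">'
        "<saml:Issuer>https://idp.example.com/saml</saml:Issuer>"
        f'<ds:Signature xmlns:ds="{NS["ds"]}"><ds:SignatureValue>'
        f"{base64.b64encode(signature).decode()}</ds:SignatureValue></ds:Signature>"
        f'<saml:Subject><saml:NameID Format="{nameid_format}">amit@example.com</saml:NameID>'
        "</saml:Subject></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


# Constructed inputs reproducing the thread's failures in one response: a .html
# extension on the Destination, an 'unspecified' NameID while the handler expects
# emailAddress, and a 256-byte (2048-bit) signature checked against a 1024-bit cert.
BROKEN = make_response(ACS_URL + ".html", NAMEID_UNSPEC, bytes(256))
# Same response with all three corrected (128-byte signature from a 1024-bit key).
FIXED = make_response(ACS_URL, NAMEID_EMAIL, bytes(128))

if __name__ == "__main__":
    for label, resp in (("broken", BROKEN), ("fixed", FIXED)):
        result = check_saml_response(resp, ACS_URL, NAMEID_EMAIL, 1024)
        print(label, "->", result or "all checks passed")
```

To run it against a real login, copy the SAMLResponse form field from the browser's network tab (the value POSTed to /saml_login) and pass it as the first argument, with the handler path, the NameID format from the Felix configuration and the key size printed by keytool for the IdP certificate in the truststore.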