Hey Guys,
I'll try to detail the best I can in here.
So, I'm running into a problem with my SAML integration
I configured every one of the steps bellow:
After all that I'm able to see the integration happening, the azure login displays correctly and I'm able to login with azure, the problem happens only in the last step the one for the POST, the call happens but after that the user keeps logged out.
Important: the reply URL is configured without the .html extension in Azure side so I had to make a redirect using Apache to add the .html extension.
Important: I'm using SAML Tracer to intercept the requests and I noticed that in the POST the cookie login-token does not come with the Response Headers
Views
Replies
Total Likes
Hi,
What is the response url looks like?
make sure you do not change the callback url because AEM has set of rule(whitleist url pattern e.g saml_login) to allow anonymous post request.
Please check https://wttech.blog/blog/2019/how-to-setup-aem-publish-saml-authentication-using-okta/
The login-token cookie must be created once you have the valid login in AEM
Form debugging at AEM side, you can enable the custom logger : https://experienceleague.adobe.com/docs/experience-manager-65/administering/security/saml-2-0-authen...
Hey @arunpatidar I'm using the same pattern and I have added the following line to the dispatcher filter
/0105 { /type "allow" /method "POST" /url "*/saml_login" }
I've also allowed access to that path through the Sling authenticator.
I've requested the azure team to change the path of reply URL to also include the .html extension, and no It is calling but I'm receiving this
message saying that the payload is invalid, I'm starting to suspect that the enterprise application may not be correctly set on the azure side.
I also have printed the summary in the SAML tracer
It could be, issue is from azure side but i would recommed to remove .html from this path.
This might be added by the apache rewrite rule in your dispatcher rewrite.rule file.
@arunpatidar the problem is most likely in the azure, they had created a standard enterprise application instead of a AEM one.
About the rewrite, I don't know if I was making it incorrectly but the way it was it wasent printing this invalid payload, so I'll live the .html in the azure side for now and see how that goes.
I'm waiting on the change from the azure side so I can close this topic.
Views
Likes
Replies
Views
Likes
Replies