AEM SAML login | Community
Level 2
April 3, 2018
Solved


Hi,

I've configured the SAML 2.0 Authentication Handler and Referrer Filter in our Author instance and the SAML configuration seems to be working fine, so long as the user goes to the root directory of our Author environment, e.g. https://server-name/

However, if the user goes directly to the login URL of our Author environment, e.g. https://server-name/libs/granite/core/content/login.html

SAML is bypassed completely and the user gets the usual login screen of Author without being redirected to the IdP for login via SAML.

I'm trying to find out why this is happening.

Is there some other configuration that I need to have in place for it to enforce SAML login, even if the user is not pointing to the root URL of the server?

In my SAML 2.0 Authentication Handler I have specified / as the setting for Path. I was hoping that this would ensure SAML login to be enforced for everything below https://server-name/

Any guidance on this would be appreciated.

Thanks!


5 replies

smacdonald2008
Level 10
April 3, 2018

See this end to end AEM SAML article: Integrating SAML with Adobe Experience Manager

Looks like in your case - something is not configured properly.

smacdonald2008
Level 10
April 3, 2018

Also - see this GEMS session on this subject - this may help....

Utilizing SAML in AEM deployments

Adobe Employee
April 4, 2018

I think this is working as expected, as there might be an entry under the Sling Authentication Service that lets you log in to the direct URL and skips the SAML authentication by default.

jwfife (Author, Accepted solution)
Level 2
April 4, 2018

Yes, confirmed! I've found out that the Sling Authentication Service provides a place to exclude specific URLs from authentication. One of those URLs is the Author login page itself. It makes sense now that I think it through. Our SAML authentication is activated when the user hits our Author instance at /. We can close this question now, mystery solved.

June 18, 2018

You can remove the anonymous access for this page and this should be redirected to authentication.
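
The behaviour described in the accepted answer can be audited offline. The following is an added example, not code from this thread or from Adobe: a simplified model of how path-based authentication requirements are evaluated, using the `+/path` and `-/path` notation of the Sling Authentication Service's `sling.auth.requirements` property. The longest-match rule and the sample entries are assumptions; only the login page path comes from the thread.

```python
# Added example: simplified model of path-based authentication requirements.
# "+/path" means authentication is required, "-/path" means anonymous access is allowed.

# Constructed sample configuration; only the login page path comes from the thread.
SAMPLE_REQUIREMENTS = [
    "+/",                                 # everything requires authentication
    "-/libs/granite/core/content/login",  # login page excluded, as found in the thread
    "-/content/example-public",           # hypothetical public area
]

def parse(entries):
    """Return [(path, auth_required)] sorted so the longest path is checked first."""
    rules = []
    for entry in entries:
        entry = entry.strip()
        if not entry:
            continue
        required = not entry.startswith("-")
        path = entry[1:] if entry[0] in "+-" else entry
        rules.append((path or "/", required))
    return sorted(rules, key=lambda rule: len(rule[0]), reverse=True)

def matches(request_path, rule_path):
    """A rule covers the path itself, its children, and selector/extension forms."""
    if rule_path == "/" or request_path == rule_path:
        return True
    # startswith plus inequality guarantees request_path is longer than rule_path
    return request_path.startswith(rule_path) and request_path[len(rule_path)] in "/."

def requires_auth(request_path, rules, default=True):
    """The most specific matching rule decides; unmatched paths use the default."""
    for rule_path, required in rules:
        if matches(request_path, rule_path):
            return required
    return default

def anonymous_exclusions(rules):
    """Paths that skip authentication, i.e. where a SAML handler on / never fires."""
    return [path for path, required in rules if not required]

if __name__ == "__main__":
    rules = parse(SAMPLE_REQUIREMENTS)
    for p in ("/", "/libs/granite/core/content/login.html",
              "/content/example-public/page.html", "/content/example-publication.html"):
        print(f"{p:45} auth required: {requires_auth(p, rules)}")
    print("Review these exclusions:", anonymous_exclusions(rules))
```

Feeding it the entries copied from the instance's own Sling Authentication Service configuration gives the list of paths to review before assuming SAML is enforced everywhere.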