Hi,
I've configured the SAML 2.0 Authentication Handler and Referrer Filter in our Author instance and the SAML configuration seems to be working fine, so long as the user goes to the root directory of our Author environment, e.g. https://server-name/
However, if the user goes directly to the login URL of our Author environment, e.g. https://server-name/libs/granite/core/content/login.html
SAML is bypassed completely and the user gets the usual login screen of Author without being redirected to the IdP for login via SAML.
I'm trying to find out why this is happening.
Is there some other configuration that I need to have in place for it to enforce SAML login, even if the user is not pointing to the root URL of the server?
In my SAML 2.0 Authentication Handler I have specified / as the setting for Path. I was hoping that this would ensure SAML login to be enforced for everything below https://server-name/
Any guidance on this would be appreciated.
Thanks!
Yes, confirmed! I've found out that the Sling Authentication Service provides a place to exclude specific URLs from authentication. One of those URLs is the Author login page itself. It makes sense now that I think it through. Our SAML authentication is activated when the user hits our Author instance at / . We can close this question now, mystery solved.
See this end to end AEM SAML article: Integrating SAML with Adobe Experience Manager
Looks like in your case - something is not configured properly.
Also - see this GEMS session on this subject - this may help....
I think this is working as expected, as there might be an entry under the Sling Authentication Service that lets you log in at the direct URL and skips the SAML authentication by default.
You can remove the anonymous access for this page and this should be redirected to authentication.
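
Why the login page skips SAML while / does not, as an added example that is not part of the original thread or AEM's own code: a simplified Python model of how a Sling-style authentication requirement list is evaluated (`+` requires authentication, `-` exempts, the most specific matching path wins). The two lists and all helper names are constructed for illustration and are assumptions, not values read from the poster's instance.

```python
# Simplified model of a Sling-style authentication requirement list.
# Entries below are constructed samples, not an export of a real instance.
WITH_LOGIN_EXCLUSION = ["+/", "-/libs/granite/core/content/login"]
WITHOUT_EXCLUSION = ["+/"]  # the exclusion removed, as the last reply suggests


def parse_requirements(entries):
    """Turn '+/path' and '-/path' strings into (path, requires_auth) pairs,
    longest path first so the most specific entry is checked first."""
    parsed = []
    for entry in entries:
        entry = entry.strip()
        if not entry:
            continue
        if entry[0] in "+-":
            requires_auth, path = entry[0] == "+", entry[1:]
        else:
            requires_auth, path = True, entry  # assumption: no prefix means '+'
        parsed.append((path, requires_auth))
    return sorted(parsed, key=lambda item: len(item[0]), reverse=True)


def covers(entry_path, request_path):
    """An entry covers the exact path, its children, and selector/extension
    variants (next character is '/' or '.'), not arbitrary string prefixes."""
    if entry_path == "/" or request_path == entry_path:
        return True
    if request_path.startswith(entry_path):
        return request_path[len(entry_path)] in "/."
    return False


def requires_authentication(entries, request_path, default=True):
    """Return True when the request must be authenticated, so a handler
    registered for that path (here: SAML on '/') gets to redirect to the IdP."""
    for path, requires_auth in parse_requirements(entries):
        if covers(path, request_path):
            return requires_auth
    return default


def exempt_paths(entries, request_paths):
    """Audit helper: which of the given URLs would be served without login?"""
    return [p for p in request_paths if not requires_authentication(entries, p)]


if __name__ == "__main__":
    urls = ["/", "/libs/granite/core/content/login.html", "/content/site/en.html"]
    print(exempt_paths(WITH_LOGIN_EXCLUSION, urls))
    print(exempt_paths(WITHOUT_EXCLUSION, urls))
```

Running `exempt_paths` over the URLs users can actually reach is a quick way to review an exclusion list before and after changing it.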