Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
Read More.
SOLVED

AEM SAML login

Avatar

Level 2
Level 2
4/3/18 8:54:53 AM

Hi,

I've configured the SAML2.0 Authentication Handler and Referrer Filter in our Author instance and the SAML configuration seems to be working fine, so long as the user goes to the root directory of our Author environment: e.g  https://server-name/

However, if the user goes directly to the login url of our Author environment:  e.g.   https://server-name/libs/granite/core/content/login.html

SAML  is bypassed completely and the user gets the usual login screen of Author without being redirected to the IdP for login via SAML.

I'm trying to find out why this is happening.

Is there some other configuration that I need to have in place for it to enforce SAML login, even if the user is not pointing to the root URL of the server?

In my SAML 2.0 Authentication Handler I have specified / as the setting for Path.  I was hoping that this would ensure SAML login to be enforced for everything below https://server-name/

Any guidance on this would be appreciated.

Thanks!

Views

4.7K

Replies

5
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 2
Level 2
4/4/18 2:23:31 PM

Yes, confirmed!  I've found out that the Sling Authentication Service provides a place to exclude specific URLs from authentication.  One of those URLs is the Author login page itself.  It makes sense now that I think it through.  Our SAML authentication is activated when the user hits our Author instance at  / .   We can close this question now, mystery solved.

View solution in original post

Views

3.8K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
5 Replies

Avatar

Level 10
Level 10
4/3/18 10:23:47 AM

See this end to end AEM SAML article: Integrating SAML with Adobe Experience Manager

Looks like in your case - something is not configured properly.

Views

3.5K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
4/3/18 10:24:45 AM

Also - see this GEMS session on this subject - this may help....

Utilizing SAML in AEM deployments

Views

3.5K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee
Employee
4/3/18 9:39:01 PM

I think this is working as expected as there might be an entry under Sling authentication service that lets you login to the direct url and skips the saml authentication by default.

Views

3.5K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Level 2
Level 2
4/4/18 2:23:31 PM

Yes, confirmed!  I've found out that the Sling Authentication Service provides a place to exclude specific URLs from authentication.  One of those URLs is the Author login page itself.  It makes sense now that I think it through.  Our SAML authentication is activated when the user hits our Author instance at  / .   We can close this question now, mystery solved.

Views

3.8K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 1
Level 1
6/18/18 3:19:03 AM

You can remove the anonymous access for this page and this should be redirected to authentication.

Views

3.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
AEM Cloud Config Pipeline Failed due to YAML parsing error

Views

25

Likes

0

Replies

0
Why is OOTB currentuser.json API called so many times on AEM Publisher?

Views

56

Likes

0

Replies

1
AEM Integration to WeChat Mini-Program

Views

56

Likes

0

Replies

0
How to best host fonts in AEM?

Views

132

Likes

0

Replies

5
Support Image and Video in OTB AEM Teaser Component

Views

106

Likes

0

Replies

3