AEM6.3.3 + OKTA Integration

Level 4

Hi Team,

I am facing an issue with multiple SAML configurations for our project with one IDP certificate.

I followed the steps mentioned in the link below, but no luck.

Multiple SAML configurations

On successful authentication, it redirects to http://localhost/saml_login instead of the path configured in the Assertion Consumer URL, i.e. http://localhost/content/abc/saml_login

What can be the issue, or is there any configuration that needs to be done to handle multiple domains with multiple SAML configurations?

Thanks in advance

6 Replies

Employee Advisor

You need to configure the same Assertion Consumer URL on the OKTA side. Sometimes it's labeled as destination URL. The Assertion URL in AEM should match what's set on the OKTA side.

Level 4

Hi Jaideep,

Thank you for sharing more insight.

Yes, I already put the Assertion Consumer URL on the OKTA side, but it still redirects to the default saml_login.

Do you see anything else that needs to be looked into?

Thank you

Employee Advisor

Can you check if the path property is set as per the ACS:

If path: / then ACS should be <SP>/saml_login

If the path: /content then ACS should be <SP>/content/saml_login

Check [1] for more details.

[1] https://labs.tadigital.com/index.php/2017/10/10/saml-single-sign-on-sso-for-aem-authorpublish-part-2...

Level 4

Hi,

Thank you for sharing such a nice document.

I followed all the steps, still no luck.

Actually, while giving the path "/content/abc" and putting the Assertion URL path as "http://localhost:4503/content/abc/saml_login" in the SAML configuration, when I hit the path localhost:4503/content/abc.html it never redirects to the IDP URL; instead it renders the content page.

Do you have any context on why the path /content/abc is not working and not redirecting to the OKTA page for authentication?

Thanks

Employee Advisor

Reading the description, it looks like the page "/content/abc.html" does not require authentication. SAML will only be triggered on the pages that the anonymous user does not have access to.

Also, check if you have excluded "/content/abc.html" from the authentication requirement.

[1] http://<host>:<port>/system/console/configMgr/org.apache.sling.engine.impl.auth.SlingAuthenticator
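Added example (not from the thread or from Adobe): a small Python checker that models the two rules discussed above, that the ACS URL path must be exactly the handler `path` plus `/saml_login`, and that the SAML handler only fires for requests the SlingAuthenticator does not allow anonymously. The config property names, the `sling.auth.requirements` entries and the simplified longest-prefix matching are assumptions for illustration, and all values are constructed.

```python
from urllib.parse import urlparse

# Constructed sample: the SAML handler settings discussed in the thread. Property names follow
# the AEM SamlAuthenticationHandler OSGi config (assumed); the values are made up for this example.
SAML_CONFIG = {
    "path": "/content",
    "assertionConsumerServiceURL": "http://localhost:4503/content/saml_login",
}

# Constructed SlingAuthenticator "sling.auth.requirements" entries (assumed syntax):
# "+" requires authentication below that path, "-" allows anonymous access there.
AUTH_REQUIREMENTS = ["+/content", "-/content/abc"]


def covers(rule, path):
    """True when `rule` is `path` itself or an ancestor of it."""
    return path == rule or path.startswith(rule.rstrip("/") + "/")


def resource_path(request_path):
    """Drop selectors and extension: /content/abc.html -> /content/abc (simplified model)."""
    head, _, last = request_path.rpartition("/")
    return head + "/" + last.split(".", 1)[0]


def acs_matches_path(config):
    """The rule from the thread: the ACS URL path must be exactly <path>/saml_login."""
    acs_path = urlparse(config["assertionConsumerServiceURL"]).path
    return acs_path == config["path"].rstrip("/") + "/saml_login"


def auth_required(request_path, requirements):
    """Most specific (longest) matching entry wins; a '-' entry excludes that subtree."""
    path = resource_path(request_path)
    best_len, required = -1, False
    for entry in requirements:
        sign, rule = entry[0], entry[1:].rstrip("/") or "/"
        if covers(rule, path) and len(rule) > best_len:
            best_len, required = len(rule), sign == "+"
    return required


def diagnose(request_path, config=SAML_CONFIG, requirements=AUTH_REQUIREMENTS):
    """Explain why a request would, or would not, be sent to the IdP by the SAML handler."""
    if not acs_matches_path(config):
        return "acs-mismatch"          # the IdP response lands on the default /saml_login
    if not covers(config["path"].rstrip("/") or "/", resource_path(request_path)):
        return "outside-handler-path"  # the SAML handler is not bound to this path at all
    if not auth_required(request_path, requirements):
        return "anonymous-allowed"     # page renders for anonymous; no redirect (the thread's case)
    return "redirect-to-idp"
```

With the constructed entries, `/content/abc.html` is excluded from authentication, so the checker reports the same outcome the advisor describes: the page renders and no redirect happens.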