Expand my Community achievements bar.

SOLVED

After logging in IDP through SAML auth IDP POST to /saml_login URL returns 403 response

Avatar

Level 2
Level 2
3/8/23 12:42:49 AM

SAML Authentication configured by following this guide:

https://wttech.blog/blog/2019/how-to-setup-aem-publish-saml-authentication-using-okta

 

and after logging in IDP the POST request to configured URL returns unauthorized 403.

http://aem-publish-host/content/......./login.html

 

Dispatcher has a filter configured to allow POST request on given path 

/0053 { /type "allow" /method "POST" /url "*/login.html" } # allow post for SAML

 

What other options are there to investigate? 

Thanks

 

 

Views

399

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 2
Level 2
3/8/23 8:40:33 AM
In response to Albin_Issac

andrija_sm_0-1678292719364.png

Thanks, I've added "Allow Empty" referrer according to the link you kindly provided. This cleared the 403 error.

However now - accessing login.html enters into a loop of constantly redirecting to sso/saml IDP login page.

There is nothing in SAML logs:

08.03.2023 15:40:22.581 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: pid=com.adobe.granite.auth.saml.SamlAuthenticationHandler.f94668b4-8ce0-483a-98d0-46025b2c2cd6)] com.adobe.granite.auth.saml Service [com.adobe.granite.auth.saml.SamlAuthenticationHandler.f94668b4-8ce0-483a-98d0-46025b2c2cd6,80376, [org.apache.sling.auth.core.spi.AuthenticationHandler]] ServiceEvent REGISTERED

 

View solution in original post

Views

338

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
4 Replies

Avatar

Level 2
Level 2
3/8/23 5:55:09 AM
In response to arunpatidar

Thanks Arun, for the quick reply. Unfortunately no new information on that resource.

Views

353

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
3/8/23 7:07:14 AM

The 403 issues can be triggered when the Referrer Filter rejects the request; you may need to configure the Referrer Filter based on the IDP configurations.

Refer to Exceptions/Issues while configuring SAML Authentication Handler - Adobe Experience Manager(AEM) (alb... for more details.

Regards

Albin

https://www.albinsblog.com

 

Views

344

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Level 2
Level 2
3/8/23 8:40:33 AM
In response to Albin_Issac

andrija_sm_0-1678292719364.png

Thanks, I've added "Allow Empty" referrer according to the link you kindly provided. This cleared the 403 error.

However now - accessing login.html enters into a loop of constantly redirecting to sso/saml IDP login page.

There is nothing in SAML logs:

08.03.2023 15:40:22.581 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: pid=com.adobe.granite.auth.saml.SamlAuthenticationHandler.f94668b4-8ce0-483a-98d0-46025b2c2cd6)] com.adobe.granite.auth.saml Service [com.adobe.granite.auth.saml.SamlAuthenticationHandler.f94668b4-8ce0-483a-98d0-46025b2c2cd6,80376, [org.apache.sling.auth.core.spi.AuthenticationHandler]] ServiceEvent REGISTERED

 

Views

339

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply