Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Adobe Summit 2023 [19th to 23rd March, Las Vegas and Virtual] | Complete AEM Session & Lab list
See the List & Register
SOLVED

After logging in IDP through SAML auth IDP POST to /saml_login URL returns 403 response

Avatar

Level 2
Level 2
‎08-03-2023 00:42 PST

SAML Authentication configured by following this guide:

https://wttech.blog/blog/2019/how-to-setup-aem-publish-saml-authentication-using-okta

 

and after logging in IDP the POST request to configured URL returns unauthorized 403.

http://aem-publish-host/content/......./login.html

 

Dispatcher has a filter configured to allow POST request on given path 

/0053 { /type "allow" /method "POST" /url "*/login.html" } # allow post for SAML

 

What other options are there to investigate? 

Thanks

 

 

Views

134

Replies

4

Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 2
Level 2
‎08-03-2023 08:40 PST
In response to Albin_Issac

andrija_sm_0-1678292719364.png

Thanks, I've added "Allow Empty" referrer according to the link you kindly provided. This cleared the 403 error.

However now - accessing login.html enters into a loop of constantly redirecting to sso/saml IDP login page.

There is nothing in SAML logs:

08.03.2023 15:40:22.581 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: pid=com.adobe.granite.auth.saml.SamlAuthenticationHandler.f94668b4-8ce0-483a-98d0-46025b2c2cd6)] com.adobe.granite.auth.saml Service [com.adobe.granite.auth.saml.SamlAuthenticationHandler.f94668b4-8ce0-483a-98d0-46025b2c2cd6,80376, [org.apache.sling.auth.core.spi.AuthenticationHandler]] ServiceEvent REGISTERED

 

Views

73

Replies

0

Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
4 Replies

Avatar

Level 2
Level 2
‎08-03-2023 05:55 PST
In response to arunpatidar

Thanks Arun, for the quick reply. Unfortunately no new information on that resource.

Views

88

Replies

0

Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
‎08-03-2023 07:07 PST

The 403 issues can be triggered when the Referrer Filter rejects the request; you may need to configure the Referrer Filter based on the IDP configurations.

Refer to Exceptions/Issues while configuring SAML Authentication Handler - Adobe Experience Manager(AEM) (alb... for more details.

Regards

Albin

https://www.albinsblog.com

 

Views

79

Replies

1

Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Level 2
Level 2
‎08-03-2023 08:40 PST
In response to Albin_Issac

andrija_sm_0-1678292719364.png

Thanks, I've added "Allow Empty" referrer according to the link you kindly provided. This cleared the 403 error.

However now - accessing login.html enters into a loop of constantly redirecting to sso/saml IDP login page.

There is nothing in SAML logs:

08.03.2023 15:40:22.581 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: pid=com.adobe.granite.auth.saml.SamlAuthenticationHandler.f94668b4-8ce0-483a-98d0-46025b2c2cd6)] com.adobe.granite.auth.saml Service [com.adobe.granite.auth.saml.SamlAuthenticationHandler.f94668b4-8ce0-483a-98d0-46025b2c2cd6,80376, [org.apache.sling.auth.core.spi.AuthenticationHandler]] ServiceEvent REGISTERED

 

Views

74

Replies

0

Sign in to like this content

Total Likes

Translate
Translate
Jump to reply