We have multiple websites in the same instance with different domains. Currently we are using the Adobe SAML 2.0 configuration for authenticating one of the sites. Now we need to have authentication for the other domains too. I have tried adding a separate Adobe SAML configuration for each domain. We have a single IDP URL and a separate SPID for each domain, and the path given for all was "/". While logging in to any site, it is redirecting to the URL provided in the handler with the highest service ranking.
I tried providing the path field according to the domain (e.g. for www.abc.com, path as /content/abc and so on), but then I am getting the below exception.
Caused by: org.apache.sling.api.resource.PersistenceException: Resource at '/saml_login' is not modifiable.
... 126 common frames omitted
Did anyone face a similar issue? Please advise.
We are also trying to configure multiple domains with a single IDP. Since we have multiple domains and the IDP should redirect to the URL corresponding to that domain once authenticated, we have configured multiple SAML authentication handler configurations. Each authentication handler has a different SP ID. The IDP is trying to redirect to the appropriate domain with /saml_login post-authentication. But the issue we are facing with multiple configurations is that the second entry starts throwing the below error:
09.01.2019 05:51:40.284 *DEBUG* [qtp1545571589-536241] com.adobe.granite.auth.saml.model.Assertion Invalid Assertion: audienceRestrictions violated.
09.01.2019 05:51:40.301 *INFO* [qtp1545571589-536241] com.adobe.granite.auth.saml.SamlAuthenticationHandler Login failed. SAML token invalid.
When we keep only 1 of these entries it works fine. This issue is happening only when we have more than 1 entry: the 1st entry works fine while the second throws this error.
Can you please suggest how to handle this.
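The two posts above describe the same failure from two sides: with every handler registered at path "/", one handler (the highest-ranked) receives every login, and an assertion issued for a different SP ID then fails its audience check. The following is an added example, not code from either poster and not Adobe's SamlAuthenticationHandler; it uses a constructed assertion, made-up SP IDs (sp-abc, sp-xyz), made-up handler names and a deliberately simplified dispatch model (highest ranking among handlers whose path covers the request path), which is an assumption used to reproduce the symptom, not a description of AEM's actual handler selection. It also assumes a single AudienceRestriction element per assertion.

```python
from __future__ import annotations

import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Optional
from xml.sax.saxutils import escape

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"


def make_assertion(audience: str) -> str:
    """Build a constructed, unsigned, minimal SAML 2.0 assertion whose single
    AudienceRestriction names one SP entity ID. Sample data, not a real IdP response."""
    return (
        f'<saml:Assertion xmlns:saml="{SAML_NS}" ID="_c1" Version="2.0" '
        'IssueInstant="2019-01-09T05:51:40Z">'
        '<saml:Issuer>https://idp.example.test/saml</saml:Issuer>'
        '<saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject>'
        '<saml:Conditions><saml:AudienceRestriction>'
        f'<saml:Audience>{escape(audience)}</saml:Audience>'
        '</saml:AudienceRestriction></saml:Conditions>'
        '</saml:Assertion>'
    )


@dataclass(frozen=True)
class HandlerConfig:
    """One SAML authentication handler configuration (an 'entry' in the posts)."""
    name: str        # label for the demo only
    service_id: str  # the SP entity ID (the 'SPID' the posts mention)
    path: str        # request path the handler is registered for
    ranking: int     # service ranking; higher wins


def audiences(assertion_xml: str) -> list[str]:
    """Return every Audience value found under the assertion's AudienceRestriction."""
    root = ET.fromstring(assertion_xml)
    return [a.text.strip() for a in root.iter(f"{{{SAML_NS}}}Audience") if a.text]


def audience_restriction_ok(assertion_xml: str, service_id: str) -> bool:
    """SAML 2.0 core 2.5.1.4: when an AudienceRestriction is present, the assertion
    is valid for this SP only if the SP's entity ID is one of the listed audiences.
    An assertion with no restriction has nothing to violate."""
    auds = audiences(assertion_xml)
    return service_id in auds if auds else True


def select_handler(configs: list[HandlerConfig], request_path: str) -> Optional[HandlerConfig]:
    """Simplified dispatch model (an assumption, not AEM's actual algorithm): among
    handlers whose path covers the request path, the highest-ranked one wins. With
    every entry at path "/" this reproduces what the posts observe: one handler takes
    every login regardless of which domain the assertion was issued for."""
    covering = [
        c for c in configs
        if request_path == c.path or request_path.startswith(c.path.rstrip("/") + "/")
    ]
    return max(covering, key=lambda c: c.ranking) if covering else None


def process_login(configs: list[HandlerConfig], request_path: str,
                  assertion_xml: str) -> tuple[str, Optional[str]]:
    """Pick the handler for the path, then check the assertion's audience against
    that handler's own SP ID. Returns (outcome, handler name)."""
    handler = select_handler(configs, request_path)
    if handler is None:
        return ("no handler covers path", None)
    if not audience_restriction_ok(assertion_xml, handler.service_id):
        return ("audienceRestrictions violated", handler.name)
    return ("ok", handler.name)


# Constructed configurations mirroring the two setups tried in the posts.
ALL_AT_ROOT = [
    HandlerConfig("abc", "sp-abc", "/", ranking=20),
    HandlerConfig("xyz", "sp-xyz", "/", ranking=10),
]
PER_DOMAIN_PATH = [
    HandlerConfig("abc", "sp-abc", "/content/abc", ranking=20),
    HandlerConfig("xyz", "sp-xyz", "/content/xyz", ranking=10),
]

if __name__ == "__main__":
    for cfgs, label in ((ALL_AT_ROOT, "all at /"), (PER_DOMAIN_PATH, "per-domain path")):
        for spid in ("sp-abc", "sp-xyz"):
            print(label, spid, process_login(cfgs, "/saml_login", make_assertion(spid)))
```

Run as-is, the "all at /" setup accepts the assertion for sp-abc and rejects the one for sp-xyz with "audienceRestrictions violated", because both land on the higher-ranked sp-abc handler; the "per-domain path" setup leaves /saml_login uncovered by any handler in this model, which is the analogue of the first poster's trouble once the paths no longer include the login endpoint. The audience check itself is the part worth keeping: a handler must only accept assertions whose Audience names its own SP entity ID, so the fix has to be in routing each domain's response to the handler holding that domain's SP ID, never in loosening the check.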