Encapsulated token mechanism is not working in AEM OIDC integration | Community
akhilraj
Level 5
April 15, 2025
Solved

Encapsulated token mechanism is not working in AEM OIDC integration


Hi,

We are successfully doing OIDC integration with Azure on our AEM publisher instances.

In our current SAML setup, we use a high-wire load balancing mechanism with sticky sessions so that all requests for a user’s session are routed to the same publisher. This avoids re-authentication issues.

However, when we disable sticky sessions so that requests can go to different publisher instances, the user session isn’t available across all nodes and the user is prompted to log in on each request.

To handle this scenario, we enabled “Encapsulated Token,” which is meant to support stateless session management across publishers.

Unfortunately, upon enabling Encapsulated Token in our OIDC codebase, the user’s .token node is not being created, and the integration fails.

Any suggestions or ideas?


Best answer by TarunKumar

Hi @akhilraj ,

All authentication handlers that synchronize users and rely on token authentication (like SAML & OAuth) will only work with encapsulated tokens if:
  • Sticky sessions are enabled, or
  • Users are already created in AEM when the synchronization starts. This means that encapsulated tokens will not be supported in situations where the handlers create users during the sync process.

Also, please check the logs and see if you find any clue there.
If there is nothing pending from your end, then raise an Adobe support ticket to look into it.

-Tarun
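Added example, not code from this thread or from Adobe: a small Python probe that replays one login-token cookie against every publisher and reports which nodes bounce the request to the login page, which is the cross-node symptom the question describes. The host names, the probed path and the cookie value are assumptions; `login-token` is AEM's token cookie name.

```python
"""Replay one AEM login-token cookie against every publisher.

Added example for this thread, not code from the original post or from Adobe.
With encapsulated tokens working, a cookie issued by one publisher must be
accepted by all of them without sticky sessions. Hosts and path are assumed.
"""
import sys
import urllib.error
import urllib.request

LOGIN_COOKIE = "login-token"  # name of AEM's token cookie


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following 3xx so the redirect target stays visible."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_status(url, cookie_value):
    """Return (status, Location header) for url, sending only the token cookie."""
    req = urllib.request.Request(url, headers={"Cookie": f"{LOGIN_COOKIE}={cookie_value}"})
    try:
        with urllib.request.build_opener(_NoRedirect).open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location", "")
    except urllib.error.HTTPError as err:  # 3xx, 4xx and 5xx all land here
        return err.code, err.headers.get("Location", "")


def classify(status, location):
    """Map a response to 'ok', 'login-redirect' or 'other'."""
    if status == 200:
        return "ok"
    if status in (301, 302, 303, 307) and "login" in location.lower():
        return "login-redirect"
    if status in (401, 403):
        return "login-redirect"
    return "other"


def probe_publishers(hosts, cookie_value, path="/content/site/en/secure.html", fetch=http_status):
    """Send the same cookie to each publisher (assumed host names); return {host: verdict}."""
    return {h: classify(*fetch(f"https://{h}{path}", cookie_value)) for h in hosts}


def session_is_stateless(results):
    """True only if every publisher accepted the cookie, i.e. no node demanded a login."""
    return all(v == "ok" for v in results.values())


if __name__ == "__main__":  # usage: probe.py <cookie-value> host1 host2 ...
    verdicts = probe_publishers(sys.argv[2:], sys.argv[1])
    for host, verdict in verdicts.items():
        print(f"{host}: {verdict}")
    sys.exit(0 if session_is_stateless(verdicts) else 1)
```

Run it with a cookie copied from one authenticated browser session; any host reported as `login-redirect` is not honouring the encapsulated token.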
