
SOLVED

How to remove broken SAML configuration on AEM Author or a bypass url?

Level 4

We have configured a SAML configuration on AEM Author. The integration isn't working, but we are locked out of accessing AEM Author. The SAML bypass URL doesn't seem to be working either.

Our redirect URL isn't correct, so we need to remove the SAML config. The SAML bypass URL shows the AEM Author login page but does not let us go beyond it.

Configuration:

1. Created a Trust Store

2. Updated the Authentication Service user, adding a Keystore

3. Created a new SAML configuration in ConfigMgr.

Bypass URL we are using: http://<server>:4502/libs/granite/core/content/login.html

Logs reporting this:

24.05.2021 23:05:35.879 *INFO* [qtp936030377-1973] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials

How can we solve this?

1 Accepted Solution

Level 9

Hi @surenk,

Siteadmin will redirect to the SAML URL configured. You can log in to CRXDE directly and remove the configuration.

  • Navigate to http://localhost:4502/crx/de/index.jsp
  • Enter the credentials to log in
  • Navigate to the SAML config file and remove the configuration. Or navigate to the system config and remove the configuration.

This must stop you from being redirected.

5 Replies

Level 4
I tried /crx/de and /crx/packmgr and several others; they all would redirect to the AEM Author login and wouldn't let the button submit. We had no choice but to restore AEM from a previous backup.

Level 9

Another option would have been to remove the SAML config from code and deploy.

Level 1

If anyone is still running into the same issue with misconfigured SAML configs and is locked out from login, you can delete the configured SAML configs with a curl command.

But you need to have the ID of the SAML config, which you can grab from the logs if you have them, like below.

Search in logs for pid=com.adobe.granite.auth.saml.SamlAuthenticationHandler.xxxxxx-xxx-4cxxxxxxxxxx

xxxxxx-xxx-4cxxxxxxxxxx from the above is the CONFIGID which you can use in the curl command below.

curl --location --request POST '<AEMHOST>/system/console/configMgr/com.adobe.granite.auth.saml.SamlAuthenticationHandler.<CONFIGID>' \
--header 'Authorization: <Replace with the Auth Credentials>' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'apply=1' \
--data-urlencode 'delete=1'

Once deleted, you are back to the prior configs.

Level 1

In case you do not know the config ID to delete, you can fetch the available configs using this curl:

curl -u admin:admin -X GET \
http://localhost:4502/system/console/configMgr/com.adobe.granite.auth.saml.SamlAuthenticationHandler\*.json
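A small shell helper, added here and not part of any reply in this thread, that ties the two curl-based replies together: it pulls the SamlAuthenticationHandler config IDs out of log lines in the pid=... form described above and builds the ConfigMgr delete request for each. The log lines, the config ID and the host are constructed placeholders, not values from a real system.

```shell
#!/bin/sh
# Added recovery helper (not from the thread). Assumes the log line shape the reply
# describes and the Felix ConfigMgr delete request (apply=1, delete=1) it uses.

SAML_PID_PREFIX='com.adobe.granite.auth.saml.SamlAuthenticationHandler'

# Constructed sample error.log excerpt; the config ID below is made up.
SAMPLE_LOG='24.05.2021 23:05:35.879 *INFO* [qtp936030377-1973] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
24.05.2021 23:05:36.001 *WARN* [qtp936030377-1973] com.adobe.granite.auth.saml.SamlAuthenticationHandler pid=com.adobe.granite.auth.saml.SamlAuthenticationHandler.1a2b3c4d-5e6f-4c00-8a9b-0123456789ab IdP not reachable
24.05.2021 23:05:37.120 *WARN* [qtp936030377-1974] com.adobe.granite.auth.saml.SamlAuthenticationHandler pid=com.adobe.granite.auth.saml.SamlAuthenticationHandler.1a2b3c4d-5e6f-4c00-8a9b-0123456789ab IdP not reachable'

# saml_config_ids: read log text on stdin, print each distinct SAML handler config ID once.
saml_config_ids() {
    grep -o "pid=${SAML_PID_PREFIX}\.[0-9a-fA-F-]*" \
        | sed "s/^pid=${SAML_PID_PREFIX}\.//" \
        | sort -u
}

# delete_url HOST ID: the ConfigMgr URL for one config, e.g. HOST=http://localhost:4502
delete_url() {
    printf '%s/system/console/configMgr/%s.%s\n' "$1" "$SAML_PID_PREFIX" "$2"
}

# list_saml_configs HOST USER:PASS: the GET from the last reply, wrapped (network call).
list_saml_configs() {
    curl -sS -u "$2" "$1/system/console/configMgr/${SAML_PID_PREFIX}*.json"
}

# delete_saml_config HOST USER:PASS ID: POST apply=1&delete=1 as in the thread (network call).
delete_saml_config() {
    curl -sS -u "$2" -X POST \
        --data-urlencode 'apply=1' --data-urlencode 'delete=1' \
        "$(delete_url "$1" "$3")"
}

# Typical use once you have the log: for each ID found, delete that one config, then
# confirm with list_saml_configs that only the intended config is gone.
# printf '%s\n' "$SAMPLE_LOG" | saml_config_ids | while read -r id; do
#     delete_saml_config http://localhost:4502 admin:admin "$id"
# done
```

Delete only the IDs you have matched to the broken handler in the log; other SamlAuthenticationHandler configs on the same instance share the PID prefix.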