Adobe Experience Manager Sites & More

surenk · 5/24/21

We have configured a SAML configuration on AEM Author. The integration isn't working but we are locked out of accessing AEM Author. The SAML bypass url doesn't seem to be working as well.

Our redirect url isn't correct so we need to remove the SAML config.The SAML bypass url shows AEM Author login page, but does not let us go beyond.

Configuration:

1. Create a Trust Store

2. Updated Authentication Service user adding a Keystore

3. Created a new SAML configuration in ConfigMgr.

By pass url we are using: http://<server>:4502/libs/granite/core/content/login.html

Logs reporting this:

24.05.2021 23:05:35.879 *INFO* [qtp936030377-1973] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials

How can we solve this?

Vaibhavi_J · 5/24/21

Hi @surenk ,

Siteadmin will redirects to SMAL url configured. You can login to crxde directly and remove the the configuration.

Navigate to http://localhost:4502/crx/de/index.jsp
Enter the credentials to login
Navigate to SAML config file and remove the configuration. Or navigate to system config and remove the configuration.

This must stop you from redirection.

Vaibhavi_J · 5/24/21

Hi @surenk ,

Siteadmin will redirects to SMAL url configured. You can login to crxde directly and remove the the configuration.

Navigate to http://localhost:4502/crx/de/index.jsp
Enter the credentials to login
Navigate to SAML config file and remove the configuration. Or navigate to system config and remove the configuration.

This must stop you from redirection.

surenk · 5/25/21

I tried /crx/de and /crx/packmgr and several others, they all would redirect to AEM Author login and won't let the button submit. We had no choice but to restore AEM from a previous backup.

Vaibhavi_J · 5/26/21

Another option would be, you should have removed the SMAL config from code and deployed.

sk_sandy · 3/3/23

If any one still running into the same issue with misconfigured SAML configs and locked out from login, you can delete the configured SAML configs with a CURL command.

But you need to have the ID of the saml config which you can grab if from the logs if you have like below.

Search in Logs for pid=com.adobe.granite.auth.saml.SamlAuthenticationHandler.xxxxxx-xxx-4cxxxxxxxxxx

xxxxxx-xxx-4cxxxxxxxxxx from the above is the CONFIGID which you can use in the below CURL command.

curl --location --request POST '<AEMHOST>/system/console/configMgr/com.adobe.granite.auth.saml.SamlAuthenticationHandler.<CONFIGID>' \
--header 'Authorization: <Repalce with the Auth Credentials>' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'apply=1' \
--data-urlencode 'delete=1'

Once deleted you are back to the prior configs.

B_GIHAN_KAVINGASE · 10/6/24

In case you do now know the config id to delete, you can fetch available configs by using this curl

curl -u admin:admin -X GET \
http://localhost:4502/system/console/configMgr/com.adobe.granite.auth.saml.SamlAuthenticationHandler\*.json

Adobe Experience Manager Sites & More

How to remove broken SAML configuration on AEM Author or a bypass url?

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe