Expand my Community achievements bar.

Learn about Edge Delivery Services in upcoming GEM session
Register!
SOLVED

How to remove broken SAML configuration on AEM Author or a bypass url?

Avatar

Level 4
Level 4
5/24/21 4:08:22 PM

We have configured a SAML configuration on AEM Author. The integration isn't working but we are locked out of accessing AEM Author. The SAML bypass url doesn't seem to be working as well.

 

Our redirect url isn't correct so we need to remove the SAML config.The SAML bypass url shows AEM Author login page, but does not let us go beyond. 

 

Configuration:

1. Create a Trust Store

2. Updated Authentication Service user adding a Keystore

3. Created a new SAML configuration in ConfigMgr.

 

By pass url we are using: http://<server>:4502/libs/granite/core/content/login.html

 

Logs reporting this:

 

24.05.2021 23:05:35.879 *INFO* [qtp936030377-1973] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials

 

 

How can we solve this?

Views

1.5K

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Community Advisor
Community Advisor
5/24/21 7:28:26 PM

Hi @surenk , 

Siteadmin will redirects to SMAL url configured. You can login to crxde directly and remove the the configuration. 

  • Navigate to http://localhost:4502/crx/de/index.jsp
  • Enter the credentials to login 
  • Navigate to SAML config file and remove the configuration. Or navigate to system config and remove the configuration. 

This must stop you from redirection. 

Views

1.4K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
4 Replies

Avatar

Community Advisor
Community Advisor
5/24/21 7:28:26 PM

Hi @surenk , 

Siteadmin will redirects to SMAL url configured. You can login to crxde directly and remove the the configuration. 

  • Navigate to http://localhost:4502/crx/de/index.jsp
  • Enter the credentials to login 
  • Navigate to SAML config file and remove the configuration. Or navigate to system config and remove the configuration. 

This must stop you from redirection. 

Views

1.4K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 4
Level 4
5/25/21 5:45:46 AM
In response to Vaibhavi_J
I tried /crx/de and /crx/packmgr and several others, they all would redirect to AEM Author login and won't let the button submit. We had no choice but to restore AEM from a previous backup.

Views

1.4K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
5/26/21 10:02:45 PM
In response to Vaibhavi_J

Another option would be, you should have removed the SMAL config from code and deployed.

Views

1.4K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
3/3/23 12:12:33 PM
In response to Vaibhavi_J

If any one still running into the same issue with misconfigured SAML configs and locked out from login, you can delete the configured SAML configs with a CURL command.

But you need to have the ID of the saml config which you can grab if from the logs if you have like below.

Search in Logs for pid=com.adobe.granite.auth.saml.SamlAuthenticationHandler.xxxxxx-xxx-4cxxxxxxxxxx 

xxxxxx-xxx-4cxxxxxxxxxx from the above is the CONFIGID which you can use in the below CURL command.

curl --location --request POST '<AEMHOST>/system/console/configMgr/com.adobe.granite.auth.saml.SamlAuthenticationHandler.<CONFIGID>' \
--header 'Authorization: <Repalce with the Auth Credentials>' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'apply=1' \
--data-urlencode 'delete=1'

Once deleted you are back to the prior configs.

Views

752

Replies

0
Sign in to like this content

Total Likes

Translate
Translate