We have configured a SAML configuration on AEM Author. The integration isn't working but we are locked out of accessing AEM Author. The SAML bypass url doesn't seem to be working as well.
Our redirect url isn't correct so we need to remove the SAML config.The SAML bypass url shows AEM Author login page, but does not let us go beyond.
Configuration:
1. Create a Trust Store
2. Updated Authentication Service user adding a Keystore
3. Created a new SAML configuration in ConfigMgr.
By pass url we are using: http://<server>:4502/libs/granite/core/content/login.html
Logs reporting this:
24.05.2021 23:05:35.879 *INFO* [qtp936030377-1973] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
How can we solve this?
Views
Replies
Total Likes
Hi @surenk ,
Siteadmin will redirects to SMAL url configured. You can login to crxde directly and remove the the configuration.
This must stop you from redirection.
Hi @surenk ,
Siteadmin will redirects to SMAL url configured. You can login to crxde directly and remove the the configuration.
This must stop you from redirection.
Another option would be, you should have removed the SMAL config from code and deployed.
If any one still running into the same issue with misconfigured SAML configs and locked out from login, you can delete the configured SAML configs with a CURL command.
But you need to have the ID of the saml config which you can grab if from the logs if you have like below.
Search in Logs for pid=com.adobe.granite.auth.saml.SamlAuthenticationHandler.xxxxxx-xxx-4cxxxxxxxxxx
xxxxxx-xxx-4cxxxxxxxxxx from the above is the CONFIGID which you can use in the below CURL command.
curl --location --request POST '<AEMHOST>/system/console/configMgr/com.adobe.granite.auth.saml.SamlAuthenticationHandler.<CONFIGID>' \
--header 'Authorization: <Repalce with the Auth Credentials>' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'apply=1' \
--data-urlencode 'delete=1'
Once deleted you are back to the prior configs.
In case you do now know the config id to delete, you can fetch available configs by using this curl
curl -u admin:admin -X GET \
http://localhost:4502/system/console/configMgr/com.adobe.granite.auth.saml.SamlAuthenticationHandler\*.json
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies