
I want to know how to set up the SAML certificate file in the Publish tier and Preview tier.


Level 2

Hi ALL

 

I want to know how to set up the SAML certificate file in the Publish tier and Preview tier.

 

I am setting up SAML in the Publish tier/Preview tier of AEM as a Cloud Service.

 

I followed the guide below, but it did not work in the Preview tier.

(It only worked on the Publish tier)

https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/authentication/sam...

 

This is because the "Trust Store" where the certificate file for asserting the IdP's SAML response is registered is not reflected in the Preview Tier.

 

Please tell me the correct way to set up the SAML IdP certificate file in the Publish Tier and Preview Tier.

 

I followed the guide to replicate it to Publish using Package Manager, but it was not reflected in the Preview Tier.

Package Manager does not support the Preview Tier of AEM as a Cloud Service, right?

 

Thanks

 

Saito

3 Replies


Level 10

Hi @SaitoYoshio

Could you please describe the issue you're experiencing in Preview?

To ensure the SAML certificate is available in Preview, you could include the Trust Store node (/etc/truststore) and its contents as part of your codebase/content package and deploy it through Cloud Manager, not via runtime Package Manager:

  • Add the certificate file and Trust Store configuration to your project’s repository.

  • Deploy to both Publish and Preview environments using the Cloud Manager pipeline.

  • This ensures the Trust Store (and thus the SAML certificate) is present in both tiers after deployment.

 


Level 2

Hi @giuseppebag 

Thank you for your reply.

 

> Could you please describe the issue you're experiencing in Preview?
 
I set up SAML for Publish and Preview.
I followed the guide below.
 
It worked fine in Publish.
However, in Preview, after logging in to the IdP, an infinite loop of /saml_login → IdP Login occurred.
We investigated the cause.
It seemed that the Trust Store node (/etc/truststore) did not exist in the Preview tier.
The "replicate via package manager" method described in the guide did not seem to be reflected in Preview.
 
 
> To ensure the SAML certificate is available in Preview, you could include the Trust Store node (/etc/truststore) and its contents as part of your codebase/content package and deploy it through Cloud Manager
> • Add the certificate file and Trust Store configuration to your project’s repository.
 

What file specifically is the "certificate file"?
Is it the .p12 file under /etc/truststore in the Author?

Is it correct to import the certificate file into TrustStore and refer to it as an alias name?

> "idpCertAlias": "certalias___xxxxxxxxxxxxxxxxxx",
 
Also, could you please tell me the specific settings for "Trust Store configuration"?
I don't understand the configuration files, properties, etc.
 
Currently,
I deployed the p12 file to the Preview Tier using the pipeline, but I got a different error. (The infinite loop does not occur.)
 
 
ERROR MESSAGE on Browser
--------------
Unexpected Error: Looks like we are having some issues with our service. We are working hard to bring it online again.
--------------
 
When I checked the error.log, I found the following output:
--------------
java.lang.SecurityException: javax.jcr.PathNotFoundException: keystorePassword not found on /etc/truststore
--------------
 
Thank you for your cooperation.
Saito.
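
An added example, not part of the original posts or of Adobe's documentation: a pre-deployment check of a content package for the Trust Store approach suggested above, covering the failure reported in the error.log (a .p12 deployed without the keystorePassword property on /etc/truststore). The FileVault package layout, the truststore.p12 file name, the node type and every value in the sample package are assumptions or constructed placeholders.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

TRUSTSTORE = "/etc/truststore"            # path named in the thread
NODE_DIR = "jcr_root" + TRUSTSTORE + "/"  # assumed FileVault layout inside the package
FILTER = "META-INF/vault/filter.xml"

def check_truststore_package(zip_bytes):
    """Return a list of problems found in a content package given as bytes."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as pkg:
        names = set(pkg.namelist())
        # 1. The workspace filter must cover the Trust Store path.
        #    Simplification: include/exclude patterns are ignored.
        roots = []
        if FILTER in names:
            tree = ET.fromstring(pkg.read(FILTER))
            roots = [f.get("root") for f in tree.iter("filter") if f.get("root")]
        if not any(TRUSTSTORE == r or TRUSTSTORE.startswith(r.rstrip("/") + "/")
                   for r in roots):
            problems.append("filter.xml does not cover " + TRUSTSTORE)
        # 2. The node definition must carry the keystorePassword property,
        #    the one the error.log line reports as missing.
        content = NODE_DIR + ".content.xml"
        if content not in names:
            problems.append("no .content.xml for " + TRUSTSTORE)
        elif not ET.fromstring(pkg.read(content)).get("keystorePassword"):
            problems.append("keystorePassword not set on " + TRUSTSTORE)
        # 3. The keystore file itself must be packaged under the node.
        if not any(n.startswith(NODE_DIR) and n.endswith(".p12") for n in names):
            problems.append("no .p12 file under " + TRUSTSTORE)
    return problems

def build_sample(with_node_definition):
    """Build a constructed package in memory (placeholder values only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr(FILTER, '<workspaceFilter version="1.0">'
                             '<filter root="/etc/truststore"/></workspaceFilter>')
        pkg.writestr(NODE_DIR + "truststore.p12", b"constructed placeholder bytes")
        if with_node_definition:
            pkg.writestr(NODE_DIR + ".content.xml",
                         '<jcr:root xmlns:jcr="http://www.jcp.org/jcr/1.0" '
                         'jcr:primaryType="sling:Folder" '
                         'keystorePassword="{constructed-placeholder}"/>')
    return buf.getvalue()

if __name__ == "__main__":
    print(check_truststore_package(build_sample(False)))  # .p12 only
    print(check_truststore_package(build_sample(True)))   # .p12 plus node definition
```

The check confirms only that the property and the file are present in the package; it does not show that the stored password value can be read on the target tier.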


Level 2

I was able to solve this problem.
I reported the solution at the following link.

 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-cloud-saml-configurati...

 

Thank you for your help.

Saito