I have been working with our CSE for a couple of weeks trying to get two SAML authentications set up. Our platform admins will need to be able to access CRX and package manager through a SAML authentication. Currently, our primary SAML authentication is being blocked at the load balancer, so CRX and package manager are not accessible. We are attempting to set up a second SAML authentication that will redirect our platform admin users to a separate URL provided by our CSE. We have had a few issues with this redirect, but the most recent is stating that the SAML authentication failed. We are using SAML 2.0 on AEM 6.5. I tried to set up the Apache Sling Authentication Server to not require authentication at the new URL, which gave a 500 error in return.
Has anyone successfully set up multiple SAML configurations where the majority of users will still navigate through the load balancer, but a select few can bypass the load balancer while still authenticating through SAML and SSO? Our primary objective is to avoid any users not set up and approved through AD Groups and authenticated via SAML and SSO.
However, as per our CSE, we haven't enabled SSO on the direct AEM URLs which are used for CRX and package manager. Also, enabling any URLs on crx/de or Package Manager impacts any automated scripts or OOTB jobs, etc.