Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

Multiple SAML configurations

dpeters1
Level 2
Level 2

I have been working with our CSE for a couple weeks trying to get two SAML authentications set up. Our platform admins will need to be able to access CRX and package manager through a SAML authentication. Currently, our primary SAML authentication is being blocked at the load balance so CRX and package manager are not accessible. We are attempting to set up a second SAML authentication that will redirect our platform admin users to a separate URL provided by our CSE. We have had a few issues with this redirect but the most recent is stating that the SAML authentication failed. We are using SAML 2.0 on AEM 6.5. I tried to set up the Apache Sling Authentication Server to not require authentication at the new URL which gave a 500 error in return.

Has anyone successfully set up multiple SAML configurations where the majority of users will still navigate through the load balancer, but a select few can bypass the load balance while still authenticating through SAML and SSO? Our primary objective is to avoid any users not set up and approved through AD Groups and authenticated via SAML and SSO.

1 Accepted Solution
Antony6790
Correct answer by
Level 2
Level 2

We have SSO setup in our environment

 

However as per our CSE we havent enabled SSO on direct AEM urls which are used for crx and package manager.  Also enabled any url's on crx/de or package Manager impacts any automated scripts or OOTB jobs etc.

 

Thanks,

 

 

View solution in original post

2 Replies
Antony6790
Correct answer by
Level 2
Level 2

We have SSO setup in our environment

 

However as per our CSE we havent enabled SSO on direct AEM urls which are used for crx and package manager.  Also enabled any url's on crx/de or package Manager impacts any automated scripts or OOTB jobs etc.

 

Thanks,

 

 

View solution in original post

dpeters1
Level 2
Level 2
You have SSO setup in your environment that you can get to crx/de and package manager? My issue is that we can't have users in the system that circumvent SAML or CASB. Since CASB is not working, SAML or even SSO are the best practices options we have.