Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

Okta SAML integration with dispatcher

courtthreeGDC
Level 3
Level 3

Hi guys,

We have very successfully integrated Okta as our IDM platform into our non-production publish instance (developed and tested by directly accessing the publisher on 4503).

However, we have failed (almost at the first hurdle) when hitting the publisher via the dispatcher. Upon hitting the SAML protected content, we are faced with what appears to be a server-level (Apache-derived) log-in/password challenge.

What should be my first steps to check in the dispatcher configuration.

FYI, while I am an experienced AEM dev, I am not well versed in dispatcher config - this was historically handled for us by our hosting partner who, on this occasion, are not able to assist so I apologise in advance for what may seem a rather poorly defined and somewhat basic question. I would genuinely appreciate a steer.

1 Accepted Solution
jbrar
Correct answer by
Employee
Employee

For dispatcher, you need to allow POST request to saml_login:

/0100 { /type "allow" /method "POST" /url "*/saml_login" }

More details at [1]

[1] https://helpx.adobe.com/experience-manager/kb/how-to-troubleshoot-saml-related-issues-in-aem.html

View solution in original post

2 Replies
jbrar
Correct answer by
Employee
Employee

For dispatcher, you need to allow POST request to saml_login:

/0100 { /type "allow" /method "POST" /url "*/saml_login" }

More details at [1]

[1] https://helpx.adobe.com/experience-manager/kb/how-to-troubleshoot-saml-related-issues-in-aem.html

View solution in original post

courtthreeGDC
Level 3
Level 3

Thanks so much Jaideep,

You're answer is indeed correct and is definitely the best first step in configuring AEM SAML Integration.

In our situation, this had already been done and the root of our issue turned out to be related to our CDN. However, your answer has been moderated as correct and I would definitely agree. Our situation was too specific for anyone on here to give an answer based on the limited information I gave.