Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

OSGi configuration deployed using package is not taking effect

Avatar

Avatar
Ignite 1
Level 2
aemcq5
Level 2

Likes

3 likes

Total Posts

5 posts

Correct Reply

0 solutions
Top badges earned
Ignite 1
Give Back 3
Give Back
Boost 3
Boost 1
View profile

Avatar
Ignite 1
Level 2
aemcq5
Level 2

Likes

3 likes

Total Posts

5 posts

Correct Reply

0 solutions
Top badges earned
Ignite 1
Give Back 3
Give Back
Boost 3
Boost 1
View profile
aemcq5
Level 2

19-05-2020

SAML OSGi configuration (com.adobe.granite.auth.saml.SamlAuthenticationHandler.config) that is deployed using package (e.g. config.author, config.dev) is not taking effect. After each deployment, one needs to open the config manager, and just "save" the deployed configuration. Has anyone faced similar issues. Kindly share the resolution.

 

~~~~~~~~~~~~~~~~~~~~~~~~~   UPDATE ~~~~~~~~~~~~~~~~~~~~~~~~~~

 

@berliant , @sunjot16 , @jbrar , @BrianKasingli , @aemmarc greatly appreciate your leads. I thought, I would update you about what I have tried today. The issue is not resolved but I have some information on what appears to be resolving the issue. When the ui.apps package is deployed, I get these two entries in the error.log:

 

19.05.2020 16:51:15.225 *INFO* [JcrInstaller.1] org.apache.sling.installer.provider.jcr.impl.JcrInstaller Registering resource with OSGi installer: [InstallableResource, priority=200, id=/apps/cms-commons/config/com.client.cms.commons.service.impl.ProductSearchServiceImpl, InstallableResource, priority=200, id=/apps/cms-commons/config/org.apache.sling.commons.log.LogManager.factory.config-SAML, InstallableResource, priority=200, id=/apps/cms-commons/config/org.apache.sling.commons.log.LogManager.factory.config-cms-commons, InstallableResource, priority=200, id=/apps/cms-commons/config/com.client.cms.commons.service.impl.CMSCommonsConfigurationImpl, InstallableResource, priority=200, id=/apps/cms-commons/config/org.apache.sling.security.impl.ContentDispositionFilter.config, InstallableResource, priority=200, id=/apps/cms-commons/config/com.day.cq.commons.impl.ExternalizerImpl.config, InstallableResource, priority=200, id=/apps/cms-commons/config/com.client.cms.commons.service.impl.SiteSearchUrlConfigurationImpl, InstallableResource, priority=200, id=/apps/cms-commons/config/com.adobe.granite.auth.saml.SamlAuthenticationHandler.config, InstallableResource, priority=200, id=/apps/cms-commons/config/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-cms-commons, InstallableResource, priority=200, id=/apps/cms-commons/config/com.client.cms.commons.service.impl.TagRootPathServiceImpl, InstallableResource, priority=200, id=/apps/cms-commons/config/com.client.cms.commons.service.impl.APIConfigurationImpl]

19.05.2020 16:51:19.278 *INFO* [OsgiInstallerImpl] org.apache.sling.audit.osgi.installer Installed configuration com.adobe.granite.auth.saml.SamlAuthenticationHandler from resource TaskResource(url=jcrinstall:/apps/cms-commons/config/com.adobe.granite.auth.saml.SamlAuthenticationHandler.config, entity=config:com.adobe.granite.auth.saml.SamlAuthenticationHandler, state=INSTALL, attributes=[org.apache.sling.installer.api.tasks.ResourceTransformer=:31:, service.pid=com.adobe.granite.auth.saml.SamlAuthenticationHandler], digest=a83b1f829c4410343b863230ebb7a9ed)

 

Clearly the JcrInstaller did it's job and installed the com.adobe.granite.auth.saml.SamlAuthenticationHandler

@jbrar , I checked the status in http://<host>:<port>/system/console/osgi-installer and it is INSTALLED

I opened up the configuration in the config manager, and just re-saved. No configuration was changed. With that I have this entry in the error.log

 

19.05.2020 16:52:12.172 *INFO* [JcrInstaller.1] org.apache.sling.installer.provider.jcr.impl.JcrInstaller Registering resource with OSGi installer: [InstallableResource, priority=200, id=/apps/cms-commons/config/com.adobe.granite.auth.saml.SamlAuthenticationHandler.config]

 

The SSO started working after this step of re-saving. So it seems that the JcrInstaller, when invoked the first time (by the package deployment) lacked something that required re-registering the resource with OSGi installer. I parsed the error.log for errors after first registering, I could not find any.

@berliant , I tried with both names: com.adobe.granite.auth.saml.SamlAuthenticationHandler-myname.config and without myname, the behavior listed above remained same. So that can be ruled out.

@sunjot16 , thanks for the lead. It seems the configuration being deployed is correct as the re-saving is all that I am doing to make things work. What are your thoughts?

@aemmarc , I am not able to find the config in the /apps/system/config after re-saving. Since it was not manually created or touched, it probably was not saved into the /apps/system/config

@BrianKasingli , I had previously created it manually but that was long back deleted. So at the time of deployment, the /apps/system/config did not have any  com.adobe.granite.auth.saml.SamlAuthenticationHandler.config. Yeah, I can try with a blank AEM instance.

deployment osgi SAML

Replies

Avatar

Avatar
Ignite 1
Employee
aemmarc
Employee

Likes

184 likes

Total Posts

243 posts

Correct Reply

92 solutions
Top badges earned
Ignite 1
Give Back 50
Give Back 5
Give Back 3
Give Back 25
View profile

Avatar
Ignite 1
Employee
aemmarc
Employee

Likes

184 likes

Total Posts

243 posts

Correct Reply

92 solutions
Top badges earned
Ignite 1
Give Back 50
Give Back 5
Give Back 3
Give Back 25
View profile
aemmarc
Employee

19-05-2020

How deep is the path to the config?  The JCR Installer (org.apache.sling.installer.provider.jcr.impl.JcrInstaller) by default only looks to a max depth of 4. 

Avatar

Avatar
Establish
MVP
BrianKasingli
MVP

Likes

627 likes

Total Posts

596 posts

Correct Reply

234 solutions
Top badges earned
Establish
Ignite 1
Give Back 5
Give Back 3
Give Back 10
View profile

Avatar
Establish
MVP
BrianKasingli
MVP

Likes

627 likes

Total Posts

596 posts

Correct Reply

234 solutions
Top badges earned
Establish
Ignite 1
Give Back 5
Give Back 3
Give Back 10
View profile
BrianKasingli
MVP

19-05-2020

@aemcq5,

This might be because the OSGI configuration not set in the correct place. Can you please share the location of where these configurations live? Starting with /apps/my-project/config/*?

Avatar

Avatar
Ignite 1
Level 2
aemcq5
Level 2

Likes

3 likes

Total Posts

5 posts

Correct Reply

0 solutions
Top badges earned
Ignite 1
Give Back 3
Give Back
Boost 3
Boost 1
View profile

Avatar
Ignite 1
Level 2
aemcq5
Level 2

Likes

3 likes

Total Posts

5 posts

Correct Reply

0 solutions
Top badges earned
Ignite 1
Give Back 3
Give Back
Boost 3
Boost 1
View profile
aemcq5
Level 2

19-05-2020

The location does not seems to the issue as I am seeing the configuration is getting deployed to the right instance. Just that the configuration is not taking effect "unless I open the deployed configuration and save it manually". The path of the configuration is: /apps/<myproject>/config.prod.author/com.adobe.granite.auth.saml.SamlAuthenticationHandler.config.xml

Avatar

Avatar
Ignite 1
Level 2
aemcq5
Level 2

Likes

3 likes

Total Posts

5 posts

Correct Reply

0 solutions
Top badges earned
Ignite 1
Give Back 3
Give Back
Boost 3
Boost 1
View profile

Avatar
Ignite 1
Level 2
aemcq5
Level 2

Likes

3 likes

Total Posts

5 posts

Correct Reply

0 solutions
Top badges earned
Ignite 1
Give Back 3
Give Back
Boost 3
Boost 1
View profile
aemcq5
Level 2

19-05-2020

Hi aemmarc: my apologies, I probably did not understand the question. It seems that the JcrInstaller has been able to deploy the configuration successfully, as I can locate the deployed configuration in the config manager. The challenge is that the deployed SAML configuration does not take effect. Or in other words, after the deployment the navigating to the AEM https://myserver:4502/aem/start.html takes me to the AEM credentials page rather than authenticating me using the SSO. After I "just open the config, and save it", navigating to the link authenticates me on SSO. No login page is then shown. So seems like JcrInstaller did it's job but somehow the changes were not read by the AEM till I manually save the config

Avatar

Avatar
Ignite 1
Employee
aemmarc
Employee

Likes

184 likes

Total Posts

243 posts

Correct Reply

92 solutions
Top badges earned
Ignite 1
Give Back 50
Give Back 5
Give Back 3
Give Back 25
View profile

Avatar
Ignite 1
Employee
aemmarc
Employee

Likes

184 likes

Total Posts

243 posts

Correct Reply

92 solutions
Top badges earned
Ignite 1
Give Back 50
Give Back 5
Give Back 3
Give Back 25
View profile
aemmarc
Employee

19-05-2020

When you manually touch a config via ConfigMgr in the OSGI Felix Console it will create the config as a nt:file node under /apps/system/config . It's not touching the pre-existing sling:OsgiConfig node or config file. You can see which configuration is taking precedence here : http://<host>:<port>/system/console/osgi-installer.

Avatar

Avatar
Establish
MVP
BrianKasingli
MVP

Likes

627 likes

Total Posts

596 posts

Correct Reply

234 solutions
Top badges earned
Establish
Ignite 1
Give Back 5
Give Back 3
Give Back 10
View profile

Avatar
Establish
MVP
BrianKasingli
MVP

Likes

627 likes

Total Posts

596 posts

Correct Reply

234 solutions
Top badges earned
Establish
Ignite 1
Give Back 5
Give Back 3
Give Back 10
View profile
BrianKasingli
MVP

19-05-2020

Hmm, have you configured com.adobe.granite.auth.saml.SamlAuthenticationHandler.config.xml manually in the OSGI console? Check /apps/system/config for com.adobe.granite.auth.saml.SamlAuthenticationHandler.config, and delete this one. Try spinning up a new AEM instance with the correct run modes to test the content package.

Avatar

Avatar
Coach
Employee
jbrar
Employee

Likes

388 likes

Total Posts

869 posts

Correct Reply

283 solutions
Top badges earned
Coach
Establish
Give Back 50
Give Back 5
Give Back 3
View profile

Avatar
Coach
Employee
jbrar
Employee

Likes

388 likes

Total Posts

869 posts

Correct Reply

283 solutions
Top badges earned
Coach
Establish
Give Back 50
Give Back 5
Give Back 3
View profile
jbrar
Employee

19-05-2020

The best way to know the root cause of this issue is to go to OSGI installer after you deploy the configuration and check the state of that config.

 

There might be conflict with other configurations Or the config file under crx-quickstart/launchpad/config/**** might not be owned by crx user.

 

[1] http://<host>:<port>/system/console/osgi-installer

Avatar

Avatar
Give Back 5
Employee
sunjot16
Employee

Likes

105 likes

Total Posts

164 posts

Correct Reply

50 solutions
Top badges earned
Give Back 5
Give Back 3
Give Back 25
Give Back 10
Give Back
View profile

Avatar
Give Back 5
Employee
sunjot16
Employee

Likes

105 likes

Total Posts

164 posts

Correct Reply

50 solutions
Top badges earned
Give Back 5
Give Back 3
Give Back 25
Give Back 10
Give Back
View profile
sunjot16
Employee

19-05-2020

It is recommended to create and maintain the configuration file by making actual changes in the web console.

 

The following doc may be helpful:

https://docs.adobe.com/content/help/en/experience-manager-64/deploying/configuring/configuring-osgi....

 

Hope it helps !!

Avatar

Avatar
Give Back 50
Employee
berliant
Employee

Likes

207 likes

Total Posts

315 posts

Correct Reply

98 solutions
Top badges earned
Give Back 50
Give Back 5
Give Back 3
Give Back 25
Give Back 10
View profile

Avatar
Give Back 50
Employee
berliant
Employee

Likes

207 likes

Total Posts

315 posts

Correct Reply

98 solutions
Top badges earned
Give Back 50
Give Back 5
Give Back 3
Give Back 25
Give Back 10
View profile
berliant
Employee

19-05-2020

Make sure that your SAML configuration name includes a unique suffix:

com.adobe.granite.auth.saml.SamlAuthenticationHandler-myname.config