Highlighted

OSGi configuration deployed using package is not taking effect

Avatar

Avatar

aemcq5

Avatar

aemcq5

aemcq5

19-05-2020

SAML OSGi configuration (com.adobe.granite.auth.saml.SamlAuthenticationHandler.config) that is deployed using package (e.g. config.author, config.dev) is not taking effect. After each deployment, one needs to open the config manager, and just "save" the deployed configuration. Has anyone faced similar issues. Kindly share the resolution.

 

~~~~~~~~~~~~~~~~~~~~~~~~~   UPDATE ~~~~~~~~~~~~~~~~~~~~~~~~~~

 

@berliant , @sunjot16 , @jbrar , @BrianKasingli , @aemmarc greatly appreciate your leads. I thought, I would update you about what I have tried today. The issue is not resolved but I have some information on what appears to be resolving the issue. When the ui.apps package is deployed, I get these two entries in the error.log:

 

19.05.2020 16:51:15.225 *INFO* [JcrInstaller.1] org.apache.sling.installer.provider.jcr.impl.JcrInstaller Registering resource with OSGi installer: [InstallableResource, priority=200, id=/apps/cms-commons/config/com.client.cms.commons.service.impl.ProductSearchServiceImpl, InstallableResource, priority=200, id=/apps/cms-commons/config/org.apache.sling.commons.log.LogManager.factory.config-SAML, InstallableResource, priority=200, id=/apps/cms-commons/config/org.apache.sling.commons.log.LogManager.factory.config-cms-commons, InstallableResource, priority=200, id=/apps/cms-commons/config/com.client.cms.commons.service.impl.CMSCommonsConfigurationImpl, InstallableResource, priority=200, id=/apps/cms-commons/config/org.apache.sling.security.impl.ContentDispositionFilter.config, InstallableResource, priority=200, id=/apps/cms-commons/config/com.day.cq.commons.impl.ExternalizerImpl.config, InstallableResource, priority=200, id=/apps/cms-commons/config/com.client.cms.commons.service.impl.SiteSearchUrlConfigurationImpl, InstallableResource, priority=200, id=/apps/cms-commons/config/com.adobe.granite.auth.saml.SamlAuthenticationHandler.config, InstallableResource, priority=200, id=/apps/cms-commons/config/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-cms-commons, InstallableResource, priority=200, id=/apps/cms-commons/config/com.client.cms.commons.service.impl.TagRootPathServiceImpl, InstallableResource, priority=200, id=/apps/cms-commons/config/com.client.cms.commons.service.impl.APIConfigurationImpl]

19.05.2020 16:51:19.278 *INFO* [OsgiInstallerImpl] org.apache.sling.audit.osgi.installer Installed configuration com.adobe.granite.auth.saml.SamlAuthenticationHandler from resource TaskResource(url=jcrinstall:/apps/cms-commons/config/com.adobe.granite.auth.saml.SamlAuthenticationHandler.config, entity=config:com.adobe.granite.auth.saml.SamlAuthenticationHandler, state=INSTALL, attributes=[org.apache.sling.installer.api.tasks.ResourceTransformer=:31:, service.pid=com.adobe.granite.auth.saml.SamlAuthenticationHandler], digest=a83b1f829c4410343b863230ebb7a9ed)

 

Clearly the JcrInstaller did it's job and installed the com.adobe.granite.auth.saml.SamlAuthenticationHandler

@jbrar , I checked the status in http://<host>:<port>/system/console/osgi-installer and it is INSTALLED

I opened up the configuration in the config manager, and just re-saved. No configuration was changed. With that I have this entry in the error.log

 

19.05.2020 16:52:12.172 *INFO* [JcrInstaller.1] org.apache.sling.installer.provider.jcr.impl.JcrInstaller Registering resource with OSGi installer: [InstallableResource, priority=200, id=/apps/cms-commons/config/com.adobe.granite.auth.saml.SamlAuthenticationHandler.config]

 

The SSO started working after this step of re-saving. So it seems that the JcrInstaller, when invoked the first time (by the package deployment) lacked something that required re-registering the resource with OSGi installer. I parsed the error.log for errors after first registering, I could not find any.

@berliant , I tried with both names: com.adobe.granite.auth.saml.SamlAuthenticationHandler-myname.config and without myname, the behavior listed above remained same. So that can be ruled out.

@sunjot16 , thanks for the lead. It seems the configuration being deployed is correct as the re-saving is all that I am doing to make things work. What are your thoughts?

@aemmarc , I am not able to find the config in the /apps/system/config after re-saving. Since it was not manually created or touched, it probably was not saved into the /apps/system/config

@BrianKasingli , I had previously created it manually but that was long back deleted. So at the time of deployment, the /apps/system/config did not have any  com.adobe.granite.auth.saml.SamlAuthenticationHandler.config. Yeah, I can try with a blank AEM instance.

deployment osgi SAML

Replies

Highlighted

Avatar

Avatar

aemmarc

Employee

Avatar

aemmarc

Employee

aemmarc
Employee

19-05-2020

How deep is the path to the config?  The JCR Installer (org.apache.sling.installer.provider.jcr.impl.JcrInstaller) by default only looks to a max depth of 4. 

Highlighted

Avatar

Avatar

BrianKasingli

MVP

Avatar

BrianKasingli

MVP

BrianKasingli
MVP

19-05-2020

@aemcq5,

This might be because the OSGI configuration not set in the correct place. Can you please share the location of where these configurations live? Starting with /apps/my-project/config/*?

Highlighted

Avatar

Avatar

aemcq5

Avatar

aemcq5

aemcq5

19-05-2020

The location does not seems to the issue as I am seeing the configuration is getting deployed to the right instance. Just that the configuration is not taking effect "unless I open the deployed configuration and save it manually". The path of the configuration is: /apps/<myproject>/config.prod.author/com.adobe.granite.auth.saml.SamlAuthenticationHandler.config.xml
Highlighted

Avatar

Avatar

aemcq5

Avatar

aemcq5

aemcq5

19-05-2020

Hi aemmarc: my apologies, I probably did not understand the question. It seems that the JcrInstaller has been able to deploy the configuration successfully, as I can locate the deployed configuration in the config manager. The challenge is that the deployed SAML configuration does not take effect. Or in other words, after the deployment the navigating to the AEM https://myserver:4502/aem/start.html takes me to the AEM credentials page rather than authenticating me using the SSO. After I "just open the config, and save it", navigating to the link authenticates me on SSO. No login page is then shown. So seems like JcrInstaller did it's job but somehow the changes were not read by the AEM till I manually save the config
Highlighted

Avatar

Avatar

aemmarc

Employee

Avatar

aemmarc

Employee

aemmarc
Employee

19-05-2020

When you manually touch a config via ConfigMgr in the OSGI Felix Console it will create the config as a nt:file node under /apps/system/config . It's not touching the pre-existing sling:OsgiConfig node or config file. You can see which configuration is taking precedence here : http://<host>:<port>/system/console/osgi-installer.
Highlighted

Avatar

Avatar

BrianKasingli

MVP

Avatar

BrianKasingli

MVP

BrianKasingli
MVP

19-05-2020

Hmm, have you configured com.adobe.granite.auth.saml.SamlAuthenticationHandler.config.xml manually in the OSGI console? Check /apps/system/config for com.adobe.granite.auth.saml.SamlAuthenticationHandler.config, and delete this one. Try spinning up a new AEM instance with the correct run modes to test the content package.
Highlighted

Avatar

Avatar

jbrar

Employee

Avatar

jbrar

Employee

jbrar
Employee

19-05-2020

The best way to know the root cause of this issue is to go to OSGI installer after you deploy the configuration and check the state of that config.

 

There might be conflict with other configurations Or the config file under crx-quickstart/launchpad/config/**** might not be owned by crx user.

 

[1] http://<host>:<port>/system/console/osgi-installer

Highlighted

Avatar

Avatar

sunjot16

Employee

Avatar

sunjot16

Employee

sunjot16
Employee

19-05-2020

It is recommended to create and maintain the configuration file by making actual changes in the web console.

 

The following doc may be helpful:

https://docs.adobe.com/content/help/en/experience-manager-64/deploying/configuring/configuring-osgi....

 

Hope it helps !!

Highlighted

Avatar

Avatar

berliant

Employee

Avatar

berliant

Employee

berliant
Employee

19-05-2020

Make sure that your SAML configuration name includes a unique suffix:

com.adobe.granite.auth.saml.SamlAuthenticationHandler-myname.config