Adobe Experience Manager Sites & More

amitmsharma · 7:27:52 PM

Hi,

While configuring AEM 6.1 SAML packge I am receiving error once I get back to /saml_login consumption

com.adobe.granite.keystore.KeyStoreNotInitialisedException: Uninitialised system trust store.

As I see, there are some additional fields added to SAML configuration in AEM 6.1 compared to 5.6.

If anyone can please share what need to be entered to these values and how to get values for same. like IDP Certificate Alias, SP Private Key Alias, Password of keystore and which of these values are mandatory,

any input is welcome.

\Amit

smacdonald2008 · 7:27:52 PM

If the documentation is not clear (it looks like that since you stated: so don't really know which certificate to add and where) and leads to mistakes - open a ticket here:

https://helpx.adobe.com/marketing-cloud/experience-manager.html

Log a bug against the docs and get official help for your use case.

元の投稿で解決策を見る

amitmsharma · 7:27:52 PM

logs below

02.04.2015 08:39:13.455 *WARN* [qtp1468301140-375] com.adobe.granite.auth.saml.SamlAuthenticationHandler Could not retrieve SP's private key: Uninitialised key store for user authentication-service

02.04.2015 08:39:13.455 *WARN* [qtp1468301140-375] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.

smacdonald2008 · 7:27:52 PM

Are you following AEM docs for this use case? For example, https://helpx.adobe.com/experience-manager/kb/saml-demo.html.

amitmsharma · 7:27:52 PM

Yes @smacdonald2008. I did that and I have this working on AEM 5.6 and 6 with sp1 instance earlier but this issue is specific to AEM 6.1 that I am facing.

amitmsharma · 7:27:52 PM

I followed steps mentioned at below link and the error is changed from Uninitialised system trust store to Could not read IdP certificate from truststore

https://helpx.adobe.com/aem-forms/6/configuring-document-services.html#Enabling%20AES-256%20for%20En...

I have received a meta file from IDP containing der certificate and some other settings. so don't really know which certificate to add and where.

Any help ??

saml logs list here:

02.04.2015 14:11:25.006 *ERROR* [qtp1468301140-399] com.adobe.granite.auth.saml.binding.PostBinding Unable to receive SAML message. Could not read IdP certificate from truststore.
02.04.2015 14:11:25.006 *ERROR* [qtp1468301140-399] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML response parameter was not provided or invalid.
02.04.2015 14:11:25.015 *WARN* [qtp1468301140-399] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.

smacdonald2008 · 7:27:52 PM

If the documentation is not clear (it looks like that since you stated: so don't really know which certificate to add and where) and leads to mistakes - open a ticket here:

https://helpx.adobe.com/marketing-cloud/experience-manager.html

Log a bug against the docs and get official help for your use case.

kvanstone · 2:05:16 PM

Just curious if this was resolved...? I am facing the same issue.

smacdonald2008 · 4:07:46 PM

Have you followed this online article http://adobeaemclub.com/setting-saml-authentication/ We are going to look into setting up Ask the experts on this use case. Too many questions.

amitmsharma · 10:11:19 PM

Please follow below tutorial to set additional configuration for 6.1:

http://www.aemstuff.com/blogs/july/saml.html

After making these changes this should work.

kvanstone · 7:43:59 AM

Yes, I'm aware of the articles suggested and have followed their steps. To be more accurate, we had SAML set up and working by following these instructions. But, at some point (I'm not sure when/why) it has broken and now we just receive the uninitialised system trust store error. It's not entirely clear to me what the error means; I have created the trust store and can still view it. How does it become initialized? Does it ever need to be "re-initialized", for instance after a system change, hot fix install, etc? Also, thought I would try removing and re-creating the trust store but I can not figure out how to remove it. Is there a way?