Adobe Experience Manager Sites & More

Veera_kandregul · 7:06:31 PM

Hi All,

Am looking into options on how to configure SAML on our AEM instances, especially uploading truststore and keystore.

From the documentation, we understand that we can go to admin console and manually upload the certificates, but they are manual steps and biggest issue is the truststore alias is random number which is restricting us to put SAML config in source control.

Can you let us know if there is any other option to upload the truststore and keystore into AEM instances, say through CURL?

Also, is there a way to predefine the truststore alias key?

Note: Tried below solution but not working in 6.2

Providing TrustStore and KeyStore from content package

pauloros · 3:11:31 PM

Hi Veera,

The only option I found so far to more predictably package the truststore is:

create the truststore on one instance (manually)
add the IDP certificate manually
write down the certificate alias
create the SAML config based on that alias
create a package with /etc/key, /etc/truststore, /home/users/system/authentication-service

When you deploy this package on another instance it should have the same certificate ID in the new instance.

If you find a better/different way, let me known.

Regards,

Paul

원본 게시물의 솔루션 보기

prateekkumar1 · 9:33:14 PM

Hi Veena

The truststore alias is generated only once. You need to take it and add it in com.adobe.granite.auth.saml.SamlAuthenticationHandler.xml file against idpCertAlias property. You can then source control the xml file.

Please let me know if you need more information.

Veera_kandregul · 9:41:02 PM

Hi Prateek,

Thank you for your comments.

We are creating new instances for every release, so the concept of 'apply once' and 'stays forever' wont apply for us.

Looking into ways how we can create trust store (with predefined alias) through non-manual steps, so that we can put those steps as part of stack creation.

Cheers,

Veera

Veera_kandregul · 8:29:16 PM