SAML | IDP Certificate through CURL

Veera_kandregul
Level 2

18-02-2018

Hi All,

I am looking into options on how to configure SAML on our AEM instances, especially uploading the truststore and keystore.

From the documentation, we understand that we can go to the admin console and manually upload the certificates, but those are manual steps, and the biggest issue is that the truststore alias is a random number, which restricts us from putting the SAML config in source control.

Can you let us know if there is any other option to upload the truststore and keystore into AEM instances, say through CURL?

Also, is there a way to predefine the truststore alias key?

Note: Tried the solution below, but it is not working in 6.2

Providing TrustStore and KeyStore from content package

Accepted Solutions (1)

pauloros
Level 1

08-03-2018

Hi Veera,

The only option I found so far to more predictably package the truststore is:
  1. create the truststore on one instance (manually)
  2. add the IDP certificate manually
  3. write down the certificate alias
  4. create the SAML config based on that alias
  5. create a package with /etc/key, /etc/truststore, /home/users/system/authentication-service

When you deploy this package on another instance it should have the same certificate ID in the new instance.

If you find a better/different way, let me know.

Regards,

Paul

Answers (5)

smacdonald2008
Level 10

09-03-2018

New article out soon too - but this is done manually.

Scott's Digital Community: Integrating SAML with Adobe Experience Manager

Veera_kandregul
Level 2

04-03-2018

Bumping up to the top again,

Any pointers pls?

Veera_kandregul
Level 2

22-02-2018

Hi All,

Any pointers pls?

Veera_kandregul
Level 2

18-02-2018

Hi Prateek,

Thank you for your comments.

We are creating new instances for every release, so the concept of 'apply once' and 'stays forever' won't apply for us.

We are looking into ways to create the trust store (with a predefined alias) through non-manual steps, so that we can make those steps part of stack creation.

Cheers,

Veera

prateekkumar
Level 1

18-02-2018

Hi Veera,

The truststore alias is generated only once. You need to take it and add it in com.adobe.granite.auth.saml.SamlAuthenticationHandler.xml file against idpCertAlias property. You can then source control the xml file.

Please let me know if you need more information.
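
Added example, not part of any post above and not Adobe's code: shell functions for the accepted answer's packaging step (a filter covering the three paths, then install through Package Manager's `/crx/packmgr/service.jsp`) and a pre-deploy check that the source-controlled `idpCertAlias` from the last reply matches the alias noted on the source instance. `AEM_URL`, `AEM_NETRC`, the function names and the sample alias value are assumptions.

```shell
#!/bin/sh
# Added example: package paths from the accepted answer, alias check, install.
PKG_ROOTS="/etc/key /etc/truststore /home/users/system/authentication-service"

# Emit META-INF/vault/filter.xml for the package created in step 5.
write_filter_xml() {
    printf '<?xml version="1.0" encoding="UTF-8"?>\n<workspaceFilter version="1.0">\n'
    for root in $PKG_ROOTS; do
        printf '    <filter root="%s"/>\n' "$root"
    done
    printf '</workspaceFilter>\n'
}

# Constructed sample of the source-controlled config; the alias is a placeholder.
sample_config() {
    cat <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0"
    xmlns:jcr="http://www.jcp.org/jcr/1.0"
    jcr:primaryType="sling:OsgiConfig"
    idpCertAlias="certalias___0000000000000"/>
EOF
}

# Read idpCertAlias from a SamlAuthenticationHandler config file.
extract_idp_alias() {
    sed -n 's/.*idpCertAlias="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Return 0 only when the config names the alias noted in step 3.
check_alias() {  # $1 = config file, $2 = alias written down on the source instance
    found=$(extract_idp_alias "$1")
    if [ -z "$found" ]; then echo "idpCertAlias missing in $1" >&2; return 2; fi
    if [ "$found" != "$2" ]; then echo "alias mismatch: $found" >&2; return 1; fi
    return 0
}

# Upload and install the package on a new instance through Package Manager.
# AEM_URL and AEM_NETRC are assumed environment variables; credentials come
# from the netrc file so they stay out of the process list.
install_package() {  # $1 = package zip built on the source instance
    curl --fail --silent --show-error --netrc-file "$AEM_NETRC" \
        -F file=@"$1" -F name="$(basename "$1" .zip)" \
        -F force=true -F install=true "$AEM_URL/crx/packmgr/service.jsp"
}

# Offline demonstration on the constructed sample.
tmp=$(mktemp) && sample_config > "$tmp"
check_alias "$tmp" "certalias___0000000000000" && echo "alias ok"
rm -f "$tmp"
```

The package carries the contents of /etc/key and the truststore, so store the zip as a secret artifact and keep only the XML config in source control.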