
SOLVED

SAML integration problems (6.3)

Level 1

Hi,

As per ADOBE SAML INTEGRATION documentation, I have configured:

1) AEM trust store with IDP certificate given by idp admin

2) Configure AEM KeyStore with private certificate from service provider (AEM)

3) Configured referrer filter

4) Configure SAML 2.0 Authentication Handler

5) Configure logging for SSO (saml.log)

Whenever we try to access the IDP URL, it says the PAGE IS EXPIRED.

SAML.LOG:

com.adobe.granite.auth.saml.util.SamlReader Document is invalid: no grammar found.
com.adobe.granite.auth.saml.util.SamlReader Document root element "samlp:Response", must match DOCTYPE root "null".

INFO: both our IDP and AEM servers are in the same timezone; we are accessing the instance from dispatcher to publish.

Thanks in advance

Venkata sai kiran.

1 Accepted Solution

Correct answer by
Employee

You can ignore the message you mentioned, as this was a minor issue with the SAX parser and can be ignored for now. The issue is somewhere else, either in the config on the AEM end or the IDP end, and would need some debugging.

Can you set up debug logs for SAML, capture a HAR trace with the complete cycle of requests, and send me the information for review? I can tell you what you need to rectify.
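
The HAR capture requested in the accepted answer can be inspected locally first. The following is an added example (not code from this thread or from Adobe): it pulls every SAMLResponse POST out of a HAR and reports where it was posted, the response's Destination and status, whether it was inside its validity window when sent, and where the service provider redirected afterwards. The host name, the `/saml_login` path and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime
from urllib.parse import parse_qs, unquote

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

def _ts(value):  # HAR and SAML timestamps are ISO 8601 UTC ending in "Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def _valid_at(cond, when):
    if cond is None:  # no Conditions visible (e.g. encrypted assertion): cannot tell
        return None
    nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    return (nb is None or _ts(nb) <= when) and (na is None or when < _ts(na))

def summarize_saml_posts(har):
    """Yield one summary dict per POST in the HAR that carries a SAMLResponse."""
    for entry in har["log"]["entries"]:
        req, resp = entry["request"], entry["response"]
        post = req.get("postData") or {}
        fields = {p["name"]: p.get("value", "") for p in post.get("params") or []}
        if "SAMLResponse" not in fields:  # some captures only keep the raw body
            fields = {k: v[0] for k, v in parse_qs(post.get("text") or "").items()}
        if req["method"] != "POST" or "SAMLResponse" not in fields:
            continue
        xml = base64.b64decode(unquote(fields["SAMLResponse"]))
        if b"<!DOCTYPE" in xml:  # a SAML message needs no DTD; refuse to parse one
            raise ValueError("DOCTYPE in SAMLResponse")
        root = ET.fromstring(xml)
        status = root.find("./p:Status/p:StatusCode", NS)
        yield {
            "posted_to": req["url"],
            "destination": root.get("Destination"),
            "saml_status": None if status is None else status.get("Value").rsplit(":", 1)[-1],
            "valid_when_posted": _valid_at(root.find(".//a:Conditions", NS), _ts(entry["startedDateTime"])),
            "http_status": resp["status"],
            "redirect_to": resp.get("redirectURL", ""),
        }

# Constructed sample: one POST of a minimal unsigned response to a hypothetical AEM host
_XML = (f'<samlp:Response xmlns:samlp="{NS["p"]}" xmlns:saml="{NS["a"]}" Destination="https://aem.example.com/saml_login">'
        '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion>'
        '<saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z"/></saml:Assertion></samlp:Response>')
SAMPLE_HAR = {"log": {"entries": [{"startedDateTime": "2024-01-01T10:00:07.250Z",
    "request": {"method": "POST", "url": "https://aem.example.com/saml_login", "postData": {
        "params": [{"name": "SAMLResponse", "value": base64.b64encode(_XML.encode()).decode()}]}},
    "response": {"status": 302, "redirectURL": "https://aem.example.com/content/missing.html"}}]}}
```

A successful status with a redirect to a page that does not exist on the service provider is the pattern the original poster describes further down the thread.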


Level 1

Thanks for the response Kunwar, yes, we figured out that was an issue from the AEM side (SAX parser).

So whenever we hit our URL, it was going to the IDP for authentication, and next, when it redirected into AEM, we didn't have any SAMPLE page or LOGIN page to view; that is the reason we weren't able to see the page.

Level 1

INFO:

Whenever you configure SAML in your setup, make sure that you have a login page or content to display when the authentication is done from the IDP side.