SOLVED

SAML integration, Trust store ( publish instance) -manage configs from code

Level 3

We have integrated SAML on our AEM publish instances; for this we had to install the certificate separately in the trust store of each publish instance. On uploading the certificate to the trust store, an alias is auto-generated.

We are looking for options to maintain this SAML configuration in our code base. But since we have a different alias on each of the publish instances, it's not possible to keep this in code. Is there some way we can upload this cert into the truststore on author and replicate it to the publish instances?

3 Replies

Correct answer by
Employee Advisor

The alias is only generated/needed when setting up SAML and it should be a one-time activity. So, if the underlying certificate is not changing, you can use "config.author" for author SAML config and "config.publish" for publish SAML configuration and the alias will be applied as per the runmode.

If the certificates are regularly changing, then you can look into replicating the truststore from author to publish. In theory, it should work but I would recommend testing it before trying it on prod.

Level 3

We have multiple publish servers, so this is not an ideal solution.

Community Advisor

To maintain them in code you have to perform the steps below:

1. Copy the master and hmac keys from the author to the publish environment.

2. Upload the truststore on author and replicate the same.

3. The truststore alias generated on author can be used on both author and publish, as we have copied the hmac and master keys from author to publish.

4. You can keep files in runmode folders to pick up server-specific configs.

Hope it helps.
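As an added illustration (not part of the original thread) of step 4 together with the accepted answer's advice to use runmode-specific configuration: once the truststore replicated from author gives every publish instance the same alias, the SAML handler configuration can live in the code base under a publish runmode folder instead of being set by hand on each instance. The repository path, the alias value, the hostnames and the content path below are placeholders I have chosen; the property names follow the AEM SAML authentication handler as I know it, so confirm them against the OSGi configuration of your own instance before committing.

```json
{
  "__comment": "Assumed location: ui.config/.../jcr_root/apps/myproject/osgiconfig/config.publish/com.adobe.granite.auth.saml.SamlAuthenticationHandler~idp.cfg.json (placeholder path)",
  "path": ["/content/myproject"],
  "idpUrl": "https://idp.example.invalid/sso/saml",
  "serviceProviderEntityId": "https://www.example.invalid/sp",
  "idpCertAlias": "certalias___PLACEHOLDER_FROM_REPLICATED_TRUSTSTORE",
  "userIDAttribute": "NameID",
  "createUser": true,
  "defaultRedirectUrl": "/content/myproject/en.html"
}
```

The one value that ties this file to the environment is `idpCertAlias`: it is only safe to commit after the truststore has been replicated and every publish instance resolves that alias to the same certificate, which is why the advisor's steps 1 to 3 (shared master and hmac keys, then replication) have to come first. A mismatch shows up as the handler rejecting every assertion on the affected instance, so check the alias on each publish instance in the truststore UI after replication rather than assuming it matches.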