Expand my Community achievements bar.

SOLVED

SAML integration, Trust store ( publish instance) -manage configs from code

Avatar

Level 2
Level 2
3/31/21 6:16:55 AM

We have integrated SAML onto our AEM publish instances, for this we had to separately install certificate in both our publish instances trust store. On uploading the certificate in trust store an alias is getting autogenerated.

 

We are looking for options to maintain this SAML configuration in our code base. But since we have a different alias in both the publish instances its not possible to keep this in  code. is there some way we can upload this cert into truststore in author and replicate it to the publish instances

Views

679

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor
Employee Advisor
4/1/21 8:26:03 AM

The alias is only generated/needed when setting up SAML and it should be a one-time activity. So, if the underlying certificate is not changing, you can use "config.author" for author SAML config and "config.publish" for publish SAML configuration and the alias will be applied as per the runmode.

 

If the certificates are regularly changing, then you can look into replicating the truststore from author to publish. In theory, it should work but I would recommend testing it before trying it on prod.

View solution in original post

Views

641

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Correct answer by
Employee Advisor
Employee Advisor
4/1/21 8:26:03 AM

The alias is only generated/needed when setting up SAML and it should be a one-time activity. So, if the underlying certificate is not changing, you can use "config.author" for author SAML config and "config.publish" for publish SAML configuration and the alias will be applied as per the runmode.

 

If the certificates are regularly changing, then you can look into replicating the truststore from author to publish. In theory, it should work but I would recommend testing it before trying it on prod.

Views

642

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 2
Level 2
4/5/21 7:56:21 AM
In response to Jaideep_Brar
We have multiple publish servers so this is not a ideal solution

Views

605

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
4/1/21 9:16:56 PM

To maintain them in code you have to perform below steps-

 

1. Copy master an hmac keys from author to publish environment.

 

2. Upload truststore in author and replicate the same.

 

3. Truststore alias generated in author could be used both in author and publish as we have copied hmac and master from author to publish.

 

4. You can keep files in run mode folders to pick server specific configs.

 

hope it helps.

Views

626

Replies

0
Sign in to like this content

Total Likes

Translate
Translate