SOLVED

SAML integration, Trust store ( publish instance) -manage configs from code

ppenmetsa
Level 1

We have integrated SAML onto our AEM publish instances. For this we had to separately install the certificate in both of our publish instances' trust stores. On uploading the certificate into the trust store, an alias is autogenerated.

We are looking for options to maintain this SAML configuration in our code base. But since we have a different alias in each of the publish instances, it's not possible to keep this in code. Is there some way we can upload this cert into the truststore in author and replicate it to the publish instances?

1 Accepted Solution
jbrar
Employee (Correct answer)

The alias is only generated/needed when setting up SAML and it should be a one-time activity. So, if the underlying certificate is not changing, you can use "config.author" for author SAML config and "config.publish" for publish SAML configuration and the alias will be applied as per the runmode.

If the certificates are regularly changing, then you can look into replicating the truststore from author to publish. In theory, it should work but I would recommend testing it before trying it on prod.

3 Replies

ppenmetsa
Level 1

We have multiple publish servers, so this is not an ideal solution.
Ankur_Khare
Community Advisor

To maintain them in code you have to perform the steps below:

1. Copy the master and HMAC keys from author to the publish environment.

2. Upload the truststore in author and replicate it.

3. The truststore alias generated in author can then be used on both author and publish, as we have copied the HMAC and master keys from author to publish.

4. You can keep files in run-mode folders to pick up server-specific configs.

Hope it helps.
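A consistency check to run after the steps above, added here as an example and not code from this thread or from AEM: it assumes each instance's truststore can be listed as JSON with alias, subject and serialNumber fields (the listings below are constructed), and that CONFIGURED_ALIAS is the alias the run-mode SAML config references. It flags the exact failure the question describes, the same certificate sitting under a different auto-generated alias on one publish instance.

```python
"""Verify that the truststore alias referenced by the SAML run-mode config
exists on every instance, and flag the case from this thread: the same
certificate imported under a different auto-generated alias per instance."""
import json
from typing import Dict, Tuple

# Constructed sample listings. The shape (aliases/alias/subject/serialNumber)
# is an assumption about the truststore listing, not taken from the thread.
TRUSTSTORE_LISTINGS = {
    "author": '{"aliases":[{"alias":"certalias___1700000000001",'
              '"subject":"CN=idp.example.com","serialNumber":"1a2b3c"}]}',
    "publish1": '{"aliases":[{"alias":"certalias___1700000000001",'
                '"subject":"CN=idp.example.com","serialNumber":"1a2b3c"}]}',
    # Cert uploaded by hand here, so it got its own alias (the problem case).
    "publish2": '{"aliases":[{"alias":"certalias___1700000000777",'
                '"subject":"CN=idp.example.com","serialNumber":"1a2b3c"}]}',
}

# Alias the config.publish SAML handler config points at (assumed value).
CONFIGURED_ALIAS = "certalias___1700000000001"


def parse_aliases(listing_json: str) -> Dict[str, Tuple[str, str]]:
    """Map alias -> (subject, serialNumber) from one truststore listing."""
    data = json.loads(listing_json)
    return {e["alias"]: (e["subject"], e["serialNumber"])
            for e in data.get("aliases", [])}


def check_alias(configured: str, listings: Dict[str, str]) -> Dict[str, str]:
    """Return {instance: finding} for each instance where the SAML handler
    would fail to resolve the configured alias. Instances that are fine are
    omitted from the result."""
    parsed = {name: parse_aliases(js) for name, js in listings.items()}
    # The certificate the alias is supposed to identify, from any instance
    # that has the alias (normally author, where it was uploaded).
    expected = next((a[configured] for a in parsed.values() if configured in a), None)
    findings = {}
    for name, aliases in parsed.items():
        if configured in aliases:
            continue
        renamed = [a for a, cert in aliases.items() if cert == expected]
        if renamed:
            findings[name] = (f"certificate present but under alias {renamed[0]}; "
                              "keys not copied or truststore not replicated")
        else:
            findings[name] = "alias and certificate missing; truststore not replicated"
    return findings
```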