SOLVED

saml_login not found 404

Level 4

I am trying to configure SSO in AEM 6.3. After the IdP redirects to the /saml_login URL on AEM, I am getting a 404 error. In the AEM logs I can see the messages below:

08.12.2017 17:15:18.244 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: pid=com.adobe.granite.auth.saml.SamlAuthenticationHandler)] com.adobe.granite.auth.saml Service [com.adobe.granite.auth.saml.SamlAuthenticationHandler,59547, [org.apache.sling.auth.core.spi.AuthenticationHandler]] ServiceEvent REGISTERED

08.12.2017 17:15:42.778 *DEBUG* [qtp1363622188-331043] com.adobe.granite.auth.saml.SamlAuthenticationHandler Could not retrieve SP's private key: Uninitialised key store for user authentication-service

I have added the IdP public store in the trust store and added the alias on the SAML handler. I need suggestions on what could be the issue here.

1 Accepted Solution

Correct answer by
Level 9

Hi Rajjev,

It might be blocked at dispatcher level. Verify the filter to allow for /saml_login. Can you send debug logs of com.adobe.granite.auth.saml?

Thanks,

9 Replies

Level 10

So the community can attempt to reproduce your issue, please point to the online doc you are following.

Level 10

Also - watch this GEMS session on SAML and AEM - it may be beneficial to solving this issue -- Utilizing SAML in AEM deployments

Level 4

Thanks Sam. I noticed that the password is not getting set up on the authentication-service trust store. It is showing the error message - Some error occured when setting the password.

Level 9

Hi Rajeev,

Sounds like you have registered to a different path. At com.adobe.granite.auth.saml.SamlAuthenticationHandler, configure the path to /

Thanks,

Level 4

Hi MC,

Path is / in SamlAuthenticationHandler configuration.

Level 4

Hi Sam,

In the dispatcher logs, I can see the message below:

Filter rejects: POST /saml_login

I have added the IdP domain in the referral filter. Do we need to do anything additional at the dispatcher on the AEM instance to allow saml_login POST requests?
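
Added example, not part of the thread and not Adobe's code: a simplified Python model of how a Dispatcher /filter section decides the POST /saml_login request reported in the log message above, assuming the documented behaviour that the last matching rule wins. The filter section and its rule numbers are constructed for illustration, and only /type, /method and double-quoted glob /url properties are modelled.

```python
import re
from fnmatch import fnmatchcase

# Constructed filter section in Dispatcher .any syntax (not taken from the thread).
SAMPLE_FILTER = '''
/filter {
  /0001 { /type "deny" /url "*" }
  /0041 { /type "allow" /method "GET" /url "*.html" }
  /0100 { /type "allow" /method "POST" /url "/saml_login" }
}
'''

RULE_RE = re.compile(r'/(\w+)\s*\{([^{}]*)\}')   # innermost "/name { ... }" blocks
PROP_RE = re.compile(r'/(\w+)\s+"([^"]*)"')      # /property "value" pairs

def parse_rules(text):
    """Return the rules in file order as (name, {property: value}) pairs."""
    return [(name, dict(PROP_RE.findall(body)))
            for name, body in RULE_RE.findall(text)]

def decide(rules, method, url):
    """Apply every rule in order; the last one that matches is effective."""
    decision = (None, None)          # no rule matched
    for name, props in rules:
        if "method" in props and props["method"] != method:
            continue
        if "url" in props and not fnmatchcase(url, props["url"]):
            continue
        decision = (props.get("type"), name)
    return decision

def rejected_requests(log_lines):
    """Extract (method, url) from 'Filter rejects: METHOD URL' log messages."""
    pat = re.compile(r'Filter rejects: (\w+) (\S+)')
    return [m.groups() for line in log_lines if (m := pat.search(line))]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_FILTER)
    # Log message as quoted in the thread.
    for method, url in rejected_requests(["Filter rejects: POST /saml_login"]):
        print(method, url, "->", decide(rules, method, url))
    # Same request when the allow rule is missing: the deny-all rule applies.
    print("without /0100 ->", decide(rules[:2], "POST", "/saml_login"))
```

Keeping the allow rule limited to the POST method and the exact /saml_login path leaves the rest of the deny-by-default filter unchanged.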

Level 4

Once I have allowed POST requests to /saml_login, it is now throwing a 403 Forbidden error.
