Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

saml_login not found 404

Avatar

Level 4

i am trying to configure sso in aem 6.3. After IDP is redirecting to /saml_login url on aem, i am getting 404 error. In aem logs I can see below messages:

08.12.2017 17:15:18.244 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: pi                                                                             d=com.adobe.granite.auth.saml.SamlAuthenticationHandler)] com.adobe.granite.auth                                                                             .saml Service [com.adobe.granite.auth.saml.SamlAuthenticationHandler,59547, [org                                                                             .apache.sling.auth.core.spi.AuthenticationHandler]] ServiceEvent REGISTERED

08.12.2017 17:15:42.778 *DEBUG* [qtp1363622188-331043] com.adobe.granite.auth.sa                                                                             ml.SamlAuthenticationHandler Could not retrieve SP's private key: Uninitialised                                                                              key store for user authentication-service

I have added the idp public store in trust store and added alias on saml handler. Need suggestion on what could be the issue here.

1 Accepted Solution

Avatar

Correct answer by
Level 9

Hi Rajjev,

  It might be blocked at dispatcher level. Verify the filter to allow for /saml_login.   Can you send debug logs of com.adobe.granite.auth.saml?

Thanks,

View solution in original post

9 Replies

Avatar

Level 10

So community can attempt to reproduce your issue, please point to the online doc you are following.

Avatar

Level 10

Also - watch this GEMS session on SAML and AEM - it may be beneficial to solving this issue -- Utilizing SAML in AEM deployments

Avatar

Level 4

Thanks Sam. I noticed that password is not getting setup on authentication-service trust store. It is showing error message - Some error occured when setting the password.

Avatar

Level 9

Hi Rajeev,

   Sounds you have registered to different path. At com.adobe.granite.auth.saml.SamlAuthenticationHandler configure path to /

Thanks,

Avatar

Level 4

HI MC,

Path is / in SamlAuthenticationHandler configuration.

Avatar

Level 4

Hi Sam,

In dispatcher logs, I can see below message

Filter rejects: POST /saml_login

I have added idp domain in referral filter. Do we need to do anything additional at dispatcher on aem instance to allow saml_login POST requests?

Avatar

Level 4

Once i have allowed post request to /saml_login, it is now throwing 403 forbidden error.

Avatar

Correct answer by
Level 9

Hi Rajjev,

  It might be blocked at dispatcher level. Verify the filter to allow for /saml_login.   Can you send debug logs of com.adobe.granite.auth.saml?

Thanks,