Expand my Community achievements bar.

Enhance your AEM Assets & Boost Your Development: [AEM Gems | June 19, 2024] Improving the Developer Experience with New APIs and Events
SOLVED

saml_login not found 404

Avatar

Level 4

i am trying to configure sso in aem 6.3. After IDP is redirecting to /saml_login url on aem, i am getting 404 error. In aem logs I can see below messages:

08.12.2017 17:15:18.244 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: pi                                                                             d=com.adobe.granite.auth.saml.SamlAuthenticationHandler)] com.adobe.granite.auth                                                                             .saml Service [com.adobe.granite.auth.saml.SamlAuthenticationHandler,59547, [org                                                                             .apache.sling.auth.core.spi.AuthenticationHandler]] ServiceEvent REGISTERED

08.12.2017 17:15:42.778 *DEBUG* [qtp1363622188-331043] com.adobe.granite.auth.sa                                                                             ml.SamlAuthenticationHandler Could not retrieve SP's private key: Uninitialised                                                                              key store for user authentication-service

I have added the idp public store in trust store and added alias on saml handler. Need suggestion on what could be the issue here.

1 Accepted Solution

Avatar

Correct answer by
Level 9

Hi Rajjev,

  It might be blocked at dispatcher level. Verify the filter to allow for /saml_login.   Can you send debug logs of com.adobe.granite.auth.saml?

Thanks,

View solution in original post

9 Replies

Avatar

Level 10

So community can attempt to reproduce your issue, please point to the online doc you are following.

Avatar

Level 10

Also - watch this GEMS session on SAML and AEM - it may be beneficial to solving this issue -- Utilizing SAML in AEM deployments

Avatar

Level 4

Thanks Sam. I noticed that password is not getting setup on authentication-service trust store. It is showing error message - Some error occured when setting the password.

Avatar

Level 9

Hi Rajeev,

   Sounds you have registered to different path. At com.adobe.granite.auth.saml.SamlAuthenticationHandler configure path to /

Thanks,

Avatar

Level 4

HI MC,

Path is / in SamlAuthenticationHandler configuration.

Avatar

Level 4

Hi Sam,

In dispatcher logs, I can see below message

Filter rejects: POST /saml_login

I have added idp domain in referral filter. Do we need to do anything additional at dispatcher on aem instance to allow saml_login POST requests?

Avatar

Level 4

Once i have allowed post request to /saml_login, it is now throwing 403 forbidden error.

Avatar

Correct answer by
Level 9

Hi Rajjev,

  It might be blocked at dispatcher level. Verify the filter to allow for /saml_login.   Can you send debug logs of com.adobe.granite.auth.saml?

Thanks,