Leiste mit Community-Erfolgen erweitern.

Submissions are now open for the 2026 Adobe Experience Maker Awards.
Apply Now

Mark Solution

Diese Konversation wurde aufgrund von Inaktivität geschlossen. Bitte erstellen Sie einen neuen Post.

GELÖST

SAML POST from Okta IDP to AEMaaCS failing

Avatar

Level 4
Level 4
29.05.23 11:46:32 PM

We are doing SAML integration with Okta IDP on AEM Publisher and after doing all the required configurations, getting forbidden 403 when IDP is redirecting to AEM.

[26/May/2023:10:25:20 +0000] [I] [cm-p104909-e982861-aem-publish-7cfb4c8c6d-nmjt2] "GET /content/cisco-dcloud/us/en/home/secure.html" 200 7ms [publishfarm/0] [actionnone] publish-p104909-e982861.adobeaemcloud.com
[26/May/2023:10:25:23 +0000] [I] [cm-p104909-e982861-aem-publish-7cfb4c8c6d-nmjt2] "POST /content/cisco-dcloud/saml_login" 403 7ms [publishfarm/0] [actionnone] publish-p104909-e982861.adobeaemcloud.com

 

We have allowed the POST request to */saml_login in filter rules on dispatcher as shown below but still getting 403 on POST request:

 

# Allow SAML HTTP POST to ../saml_login end points
/0110 { /type "allow" /method "POST" /url "*/saml_login" }

 

Please suggest what can be the issue.

Zugriffe

876

Antworten

3
Melden Sie sich an, um diesen Inhalt zu liken

Likes gesamt

Übersetzen
Übersetzen
1 Akzeptierte Lösung

Avatar

Korrekte Antwort von
Community Advisor
Community Advisor
30.05.23 1:41:52 AM

Hello @pardeepg4829047 

 

We also need to update "Referrer filter" and "CORS" settings.

https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/authentication/saml-2...

 

requesting you to please cross-check if all steps are implemented.

Aanchal Sikka

Lösung in ursprünglichem Beitrag anzeigen

Zugriffe

864

Antworten

2
Melden Sie sich an, um diesen Inhalt zu liken

Likes gesamt

Übersetzen
Übersetzen
Zu Antwort springen
3 Antworten

Avatar

Korrekte Antwort von
Community Advisor
Community Advisor
30.05.23 1:41:52 AM

Hello @pardeepg4829047 

 

We also need to update "Referrer filter" and "CORS" settings.

https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/authentication/saml-2...

 

requesting you to please cross-check if all steps are implemented.

Aanchal Sikka

Zugriffe

865

Antworten

2
Melden Sie sich an, um diesen Inhalt zu liken

Likes gesamt

Übersetzen
Übersetzen
Zu Antwort springen

Avatar

Level 4
Level 4
30.05.23 3:58:03 AM
Als Antwort auf aanchal-sikka

@aanchal-sikka  - we have already done the required configurations for CORS and Referrer Filter configs as per below but still the issue persists.

 

CORS:

{

"alloworigin": [

"$[env:SAML_IDP_ORIGIN;default=http://www.okta.com]"

],

"allowedpaths": [

".*/saml_login"

],

"supportedmethods": [

"POST"

]

}

 

Referrer Filter:

{

"allow.empty": true,

"allow.hosts.regexp": "http://www.okta.com",

"allow.hosts": [

"$[env:SAML_IDP_REFERRER;default=http://www.okta.com]"

],

"filter.methods": [

"POST"

],

"exclude.agents.regexp": [ ]

}

Zugriffe

854

Antworten

1
Melden Sie sich an, um diesen Inhalt zu liken

Likes gesamt

Übersetzen
Übersetzen

Avatar

Level 4
Level 4
01.06.23 6:49:19 AM
Als Antwort auf pardeepg4829047

The issue was with incorrect host in referrer filter. We identified the correct referrer from SAML response.

 

We changed the below entry to fix the issue:

 

$[env:SAML_IDP_REFERRER;default=http://www.okta.com]

 

to 

 

$[env:SAML_IDP_REFERRER;default=int-id.cisco.com]

Zugriffe

820

Antworten

0
Melden Sie sich an, um diesen Inhalt zu liken

Likes gesamt

Übersetzen
Übersetzen
Verwandte Konversationen
Passing Dynamic media renditions details from Content Fragment to 3rd party app via GrpaphQL Query Solved

Zugriffe

140

Likes

0

Antworten

4
Tool to generate authoring docs for Content Fragment Model Solved

Zugriffe

123

Likes

0

Antworten

2
How to Index AEM Page Metadata (Tags, Title, Description) in Coveo? Solved

Zugriffe

82

Likes

0

Antworten

2
Pass asset metadata from GraphQL Query Solved

Zugriffe

156

Likes

0

Antworten

4
Call Custom JS logic from my specific Content Fragment Model Solved

Zugriffe

119

Likes

0

Antworten

3