We are doing a SAML integration with Okta IDP on AEM Publisher and, after doing all the required configurations, we are getting a 403 Forbidden when the IDP redirects to AEM.
[26/May/2023:10:25:20 +0000] [I] [cm-p104909-e982861-aem-publish-7cfb4c8c6d-nmjt2] "GET /content/cisco-dcloud/us/en/home/secure.html" 200 7ms [publishfarm/0] [actionnone] publish-p104909-e982861.adobeaemcloud.com
[26/May/2023:10:25:23 +0000] [I] [cm-p104909-e982861-aem-publish-7cfb4c8c6d-nmjt2] "POST /content/cisco-dcloud/saml_login" 403 7ms [publishfarm/0] [actionnone] publish-p104909-e982861.adobeaemcloud.com
We have allowed the POST request to */saml_login in the filter rules on the dispatcher as shown below, but we are still getting a 403 on the POST request:
# Allow SAML HTTP POST to ../saml_login end points
/0110 { /type "allow" /method "POST" /url "*/saml_login" }
Please suggest what can be the issue.
Hello @pardeepg4829047
We also need to update "Referrer filter" and "CORS" settings.
Requesting you to please cross-check if all steps are implemented.
@aanchal-sikka - we have already done the required configurations for the CORS and Referrer Filter configs as shown below, but the issue still persists.
CORS:
{
  "alloworigin": [
    "$[env:SAML_IDP_ORIGIN;default=http://www.okta.com]"
  ],
  "allowedpaths": [
    ".*/saml_login"
  ],
  "supportedmethods": [
    "POST"
  ]
}
Referrer Filter:
{
  "allow.empty": true,
  "allow.hosts.regexp": "http://www.okta.com",
  "allow.hosts": [
    "$[env:SAML_IDP_REFERRER;default=http://www.okta.com]"
  ],
  "filter.methods": [
    "POST"
  ],
  "exclude.agents.regexp": [ ]
}
The issue was with an incorrect host in the referrer filter. We identified the correct referrer from the SAML response.
We changed the below entry to fix the issue:
$[env:SAML_IDP_REFERRER;default=http://www.okta.com]
to
$[env:SAML_IDP_REFERRER;default=int-id.cisco.com]
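A quick way to check a Referer value against the Referrer Filter config from this thread, added here as an example that is not part of the original posts or Adobe's code. It is a simplified model, not Sling's implementation: it assumes `allow.hosts` entries are compared by host name and `allow.hosts.regexp` is matched against the referrer's host. The Referer URL path is constructed; only its host comes from the thread.

```python
import re
from urllib.parse import urlsplit

# $[env:NAME;default=value] placeholder syntax, as used in the configs above.
PLACEHOLDER = re.compile(r"\$\[env:([A-Za-z0-9_]+)(?:;default=([^\]]*))?\]")

def resolve(value, env):
    """Expand placeholders from env, falling back to the inline default."""
    return PLACEHOLDER.sub(lambda m: env.get(m.group(1), m.group(2) or ""), value)

def as_list(value):
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def host_of(entry):
    """Lower-cased host of a bare host name or of a full URL."""
    if "://" in entry:
        return (urlsplit(entry).hostname or "").lower()
    return entry.split("/")[0].split(":")[0].lower()

def check_referer(config, referer, env=None):
    """Return (allowed, reason) for a POST carrying this Referer (assumed model)."""
    env = env or {}
    if not referer:
        return bool(config.get("allow.empty")), "empty referer"
    ref_host = host_of(referer)
    hosts = [host_of(resolve(h, env)) for h in as_list(config.get("allow.hosts"))]
    if ref_host in hosts:
        return True, f"{ref_host} is listed in allow.hosts"
    for pattern in as_list(config.get("allow.hosts.regexp")):
        if re.fullmatch(resolve(pattern, env), ref_host):  # assumption: matched on host
            return True, f"{ref_host} matches {pattern}"
    return False, f"{ref_host} is not among allow.hosts {hosts}"

# Referrer Filter settings from the thread, before and after the fix.
BEFORE = {"allow.empty": True, "allow.hosts.regexp": "http://www.okta.com",
          "allow.hosts": ["$[env:SAML_IDP_REFERRER;default=http://www.okta.com]"],
          "filter.methods": ["POST"]}
AFTER = dict(BEFORE, **{"allow.hosts": ["$[env:SAML_IDP_REFERRER;default=int-id.cisco.com]"]})
REFERER = "https://int-id.cisco.com/app/sso/saml"  # constructed path, host from the thread

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, check_referer(cfg, REFERER))
```

Passing `env={"SAML_IDP_REFERRER": "..."}` shows what the filter sees when the environment variable is set, which overrides the inline default.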