Expand my Community achievements bar.

SOLVED

SAML Redirection issue in AEM 6.2

Avatar

Level 3

We have done an AEM 6.2 upgrade from AEM 6.0, post that any request to resource through SAML handler is redirecting to home page.

for example : when resource request is for 'events' page like this is www.ex.com/system/sling/login?resource=/content/project/events.html it's redirecting 
to home page instead of requested resource.This was working in AEM 6.0.

because of this none of the CUG pages are working since all the requested resource which are private content trigger /system/sling/login and redirecting to home 
instead of requested resource /private page.

Does anyone came across this? any suggestion on SAML configuration will resolve this ?

your inputs are appreciable,thanks
we got to know from support that SAML_REQUEST_PATH was deprecated in AEM 6.2. 
 

1 Accepted Solution

Avatar

Correct answer by
Level 9

Hi Sandeep,

  • Neither adobe officially documented or said to use SAML_REQUEST_PATH hence deprecate is not right term.  
  • We ended writing custom authentication handler since had additional requirement of AsserConsumptionURL . 
  • You need to fix at project level by using filter Or JS to take care of product change. Unfortunately OOB no config option. 

Thanks,

View solution in original post

5 Replies

Avatar

Correct answer by
Level 9

Hi Sandeep,

  • Neither adobe officially documented or said to use SAML_REQUEST_PATH hence deprecate is not right term.  
  • We ended writing custom authentication handler since had additional requirement of AsserConsumptionURL . 
  • You need to fix at project level by using filter Or JS to take care of product change. Unfortunately OOB no config option. 

Thanks,

Avatar

Level 3

Hi MC,

Thanks for the update.

I agree with your comments, could you please elaborate on this

  • You need to fix at project level by using filter Or JS to take care of product change. Unfortunately OOB no config option. 

any references will be a great help for us.

Thanks

Sandeep

Avatar

Level 9

Hi Sandeep,

    Store the destination in seperate custom cookie & in the filter when saml does post response just update saml_request_path to the value from custom cookie.

Thanks,

Avatar

Level 1

Hi

I am doing the similar implementation. Can you please let me know how can I update the saml_request_path in filter?

if you have sample code that would be great

naveen

Avatar

Level 3

Hi Naveen

URL encoding on SAML_REQUEST_PATH cookie helped us resolving the issue,follow below code to implement the same.

package com.mycompany.myproject.impl;

import org.apache.felix.scr.annotations.*;

import org.apache.sling.api.resource.LoginException;

import org.apache.sling.auth.core.AuthUtil;

import org.apache.sling.auth.core.spi.AuthenticationInfo;

import org.apache.sling.auth.core.spi.AuthenticationInfoPostProcessor;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import javax.servlet.http.Cookie;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import java.io.IOException;

import java.io.UnsupportedEncodingException;

import java.net.URLDecoder;

@Component(immediate = true, metatype = true)

@Service

public class MyAuthInfoPostProcessor implements

        AuthenticationInfoPostProcessor {

    private static final String LOGIN_SUFFIX = "/saml_login";

    private static final String REQUEST_PATH_COOKIE = "saml_request_path";

    private final Logger log = LoggerFactory.getLogger(MyAuthInfoPostProcessor.class);

    public void postProcess(AuthenticationInfo authenticationInfo, HttpServletRequest request, HttpServletResponse httpServletResponse) throws LoginException {

        final String userID = authenticationInfo.getUser();

        if(null !=userID && !userID.equals("anonymous")) {

            if (request.getRequestURI().endsWith(LOGIN_SUFFIX)) {

                try {

                    final Cookie[] cookies = request.getCookies();

                    if (null != cookies) {

                        for (Cookie cookie : cookies) {

                            if (REQUEST_PATH_COOKIE.equals(cookie.getName())) {

                                String url = URLDecoder.decode(cookie.getValue(), "UTF-8");

                                String loginInitUrl = "/system/sling/login?resource=";

                                if(url.contains(loginInitUrl)){

                                    url = url.substring(loginInitUrl.length(), url.length());

                                    cookie.setValue(url);

                                }

                            }

                        }

                    }

                } catch (UnsupportedEncodingException e) {

                    log.error("Unsupported encoding", e);

                }

            }

        }

    }

}