SAML Redirection issue in AEM 6.2 | Community
Level 2
May 17, 2017
Solved

SAML Redirection issue in AEM 6.2


We have done an AEM 6.2 upgrade from AEM 6.0; after that, any request to a resource through the SAML handler redirects to the home page.

For example: when the resource request is for the 'events' page, like www.ex.com/system/sling/login?resource=/content/project/events.html, it redirects to the home page instead of the requested resource. This was working in AEM 6.0.

Because of this, none of the CUG pages are working, since every request for private content triggers /system/sling/login and redirects to home instead of the requested resource / private page.

Has anyone come across this? Any suggestion on SAML configuration that will resolve this?

Your inputs are appreciated, thanks.

We got to know from support that SAML_REQUEST_PATH was deprecated in AEM 6.2.
 

5 replies

MC_Stuff (Accepted solution)
Level 10
May 17, 2017

Hi Sandeep,

  • Adobe neither officially documented nor said to use SAML_REQUEST_PATH, hence "deprecated" is not the right term.
  • We ended up writing a custom authentication handler since we had an additional requirement of AsserConsumptionURL.
  • You need to fix this at project level by using a filter or JS to take care of the product change. Unfortunately there is no OOB config option.

Thanks,

Level 2
May 17, 2017

Hi MC,

Thanks for the update.

I agree with your comments. Could you please elaborate on this:

  • You need to fix this at project level by using a filter or JS to take care of the product change. Unfortunately there is no OOB config option.

Any references will be a great help for us.

Thanks

Sandeep

MC_Stuff
Level 10
May 18, 2017

Hi Sandeep,

Store the destination in a separate custom cookie, and in the filter, when SAML does the POST response, just update saml_request_path to the value from the custom cookie.

Thanks,

October 17, 2017

Hi

I am doing a similar implementation. Can you please let me know how I can update the saml_request_path in the filter?

If you have sample code, that would be great.

naveen

Level 2
October 23, 2017

Hi Naveen

URL encoding on the SAML_REQUEST_PATH cookie helped us resolve the issue. Follow the code below to implement the same.

package com.mycompany.myproject.impl;

import org.apache.felix.scr.annotations.*;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.apache.sling.auth.core.spi.AuthenticationInfoPostProcessor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;

@Component(immediate = true, metatype = true)
@Service
public class MyAuthInfoPostProcessor implements AuthenticationInfoPostProcessor {

    // The SAML response is posted to a URI ending in this suffix.
    private static final String LOGIN_SUFFIX = "/saml_login";
    // Cookie holding the path that was requested before login.
    private static final String REQUEST_PATH_COOKIE = "saml_request_path";
    // Prefix that ends up in the cookie value and has to be stripped.
    private static final String LOGIN_INIT_URL = "/system/sling/login?resource=";

    private final Logger log = LoggerFactory.getLogger(MyAuthInfoPostProcessor.class);

    public void postProcess(AuthenticationInfo authenticationInfo, HttpServletRequest request, HttpServletResponse httpServletResponse) throws LoginException {
        final String userID = authenticationInfo.getUser();
        // Only act for an authenticated user on the SAML login endpoint.
        if (null != userID && !userID.equals("anonymous")) {
            if (request.getRequestURI().endsWith(LOGIN_SUFFIX)) {
                try {
                    final Cookie[] cookies = request.getCookies();
                    if (null != cookies) {
                        for (Cookie cookie : cookies) {
                            if (REQUEST_PATH_COOKIE.equals(cookie.getName())) {
                                // URL-decode the cookie value before inspecting it.
                                String url = URLDecoder.decode(cookie.getValue(), "UTF-8");
                                // Cut at the position where the prefix was found, so a value
                                // that does not start with the prefix is not truncated wrongly.
                                int idx = url.indexOf(LOGIN_INIT_URL);
                                if (idx >= 0) {
                                    url = url.substring(idx + LOGIN_INIT_URL.length());
                                    // Updates the request's cookie object in place.
                                    cookie.setValue(url);
                                }
                            }
                        }
                    }
                } catch (UnsupportedEncodingException e) {
                    log.error("Unsupported encoding", e);
                }
            }
        }
    }
}
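
The post-processor above turns a cookie-supplied value into the post-login redirect target, and a cookie is client-controlled input. The following is an added example (not part of the original post and not AEM code) of the same decode-and-strip step followed by a check that the result is a site-local path; the class name, method names, fallback path and sample cookie values are assumptions made for illustration.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;

public class RedirectTargetCheck {
    // Prefix the thread's code strips from the cookie value.
    private static final String LOGIN_INIT = "/system/sling/login?resource=";
    // Hypothetical fallback used when the cookie value is rejected.
    private static final String FALLBACK = "/content/project/home.html";

    /** Decode the cookie value, drop the login prefix, return a local path or FALLBACK. */
    static String resolveTarget(String rawCookieValue) {
        if (rawCookieValue == null) return FALLBACK;
        String url;
        try {
            url = URLDecoder.decode(rawCookieValue, "UTF-8");
        } catch (UnsupportedEncodingException | IllegalArgumentException e) {
            return FALLBACK; // malformed percent-encoding
        }
        int idx = url.indexOf(LOGIN_INIT);
        if (idx >= 0) url = url.substring(idx + LOGIN_INIT.length());
        return isLocalPath(url) ? url : FALLBACK;
    }

    /** Accept only site-relative paths: one leading '/', no scheme, no control characters. */
    static boolean isLocalPath(String path) {
        if (path.isEmpty() || path.charAt(0) != '/') return false; // absolute URL or relative path
        if (path.startsWith("//")) return false;                   // protocol-relative URL
        for (char c : path.toCharArray()) {
            if (c < 0x20 || c == 0x7f || c == '\\') return false;  // CR/LF, other controls, backslash
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample cookie values: two legitimate, three that must fall back.
        String[] samples = {
            "%2Fsystem%2Fsling%2Flogin%3Fresource%3D%2Fcontent%2Fproject%2Fevents.html",
            "/content/project/events.html",
            "%2Fsystem%2Fsling%2Flogin%3Fresource%3D%2F%2Fother.example%2Fx",
            "https%3A%2F%2Fother.example%2Fx",
            "%2Fcontent%2Fa%0D%0ASet-Cookie%3A%20x"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + resolveTarget(s));
        }
    }
}
```

In a post-processor like the one above, `cookie.setValue(...)` would be given the result of `resolveTarget(cookie.getValue())` rather than the raw stripped string.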