
SAML SSO redirect loop


Level 7


I am using Azure and the SAML instructions from this blog:

https://blog.developer.adobe.com/saml-authentication-in-aem-using-microsoft-azure-active-directory-3...

Basically, it is securing down the we-retail site.

In my example, I am trying to secure a folder in /content/dam/formsanddocuments/secure-folder.

The URL in the browser is this: /aem/forms.html/content/dam/formsanddocuments/secure-folder - this is another problem to deal with later maybe.

However, I've been trying to secure /aem and I still have an issue with redirects.

I've tried default Redirect in AEM - doesn't have an effect.

In all cases, SSO works and it gets past the Azure authentication and redirects to the following URLs.

I've tried to configure the Azure reply URL with /saml_login as in the instructions - fails at that URL.

I've tried to configure the Azure reply URL with /aem/start.html - gets into a loop of authenticating and redirecting.


Here is my config on AEM:

[screenshot: crich2784_0-1692208241789.png]


Here is the SSO Azure config:

[screenshot: crich2784_1-1692208319726.png]


Any help would be appreciated.


3 Replies


Level 7

Just configured logging and see this:


16.08.2023 13:11:06.034 *DEBUG* [qtp1267371568-68] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.


Level 9

Hi @crich2784

You can keep the reply URL as https://urdomain/content/saml_login; the successful authentication at Azure will send control back to your AEM instance.

If you write a post-processor class that implements AuthenticationInfoPostProcessor and implement the postProcess method there, you can capture the saml_login request and redirect the user to the desired page using response.sendRedirect. You can also verify that the SAMLResponse is valid if you have installed the SAML extension, or deflate the SAMLResponse.


Regarding the specific error you got, it looks like something to do with the certificate installation in the local store. Please follow the KB article below, which talks about a similar issue:

https://experienceleague.adobe.com/docs/experience-cloud-kcs/kbarticles/KA-17476.html?lang=en


Hope it helps!
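An added example (not code from this post, the question's author, or Adobe) of the kind of post-processor the reply describes, assuming a hypothetical package name and using the secure-folder URL from the question as the redirect target:

```java
package com.example.aem.saml; // hypothetical package name

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.sling.api.resource.LoginException;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.apache.sling.auth.core.spi.AuthenticationInfoPostProcessor;
import org.osgi.service.component.annotations.Component;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Runs after the SAML handler has parsed the SAMLResponse posted to /saml_login.
 * Once a user has been resolved, sends the browser to the protected page instead
 * of leaving it on the assertion consumer URL.
 */
@Component(service = AuthenticationInfoPostProcessor.class, immediate = true)
public class SamlLoginRedirectPostProcessor implements AuthenticationInfoPostProcessor {

    private static final Logger LOG = LoggerFactory.getLogger(SamlLoginRedirectPostProcessor.class);

    // Assumed target: the secure folder URL from the question above.
    private static final String TARGET = "/aem/forms.html/content/dam/formsanddocuments/secure-folder";
    private static final String SAML_LOGIN_SUFFIX = "/saml_login";

    @Override
    public void postProcess(AuthenticationInfo info, HttpServletRequest request, HttpServletResponse response)
            throws LoginException {
        String uri = request.getRequestURI();
        // Only act on the saml_login request, and only once the SAML handler has
        // actually resolved a user; every other request passes through untouched.
        if (uri == null || !uri.endsWith(SAML_LOGIN_SUFFIX) || info == null || info.getUser() == null) {
            return;
        }
        if (response.isCommitted()) {
            LOG.debug("Response already committed for {}, not redirecting", uri);
            return;
        }
        try {
            LOG.debug("SAML login completed for user {}, redirecting to {}", info.getUser(), TARGET);
            response.sendRedirect(TARGET);
        } catch (IOException e) {
            throw new LoginException("Redirect after SAML login failed", e);
        }
    }
}
```

The redirect only helps once the SAML handler can actually establish a session; if the underlying trust-store or certificate problem from the log line above is not fixed first, the target page will simply trigger a new authentication round and the loop remains.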


Community Advisor

The issue is most likely with the password and/or the certificate (from the IdP) you are using. I got the infinite loop once, and it resulted in a Trusted Store password issue; the log you are showing is related to this. Please verify both the TrustStore password, which is unique to your AEM instance, and the certificate generated from the IdP.



Esteban Bustamante