Suggestions on using different IDP URLs (same domain but different context) for different websites hosted in AEM 6.2 | Community
Gunalan_V
Level 3
April 28, 2017
Solved


  • 5 replies
  • 1698 views

Hi All,

We have 3 websites (aaa.com, bbb.com, ccc.com) hosted on AEM publish and would like to authenticate users through SAML.

But each site is planning to use a different IDP URL and Service Provider Entity ID in the SAML Authentication Handler. (The domain would be the same but the context different, e.g. http://x.y.com/idp1 and http://x.y.com/idp2.)

Can anyone please provide your suggestion on how to implement this?

Thanks,

GVK


5 replies

MC_Stuff
Level 10
April 28, 2017

Hi GVK,

    It is supported out of the box. The Service Provider Entity ID is just a unique name; it is not mandatory that it be a URL.

Assume

  1. aaa.com is mapped to /content/geometrixx/en, the IdP URL is http://idp1.com and the entity ID is http://x.y.com/idp1
  2. bbb.com is mapped to /content/geometrixx/fr, the IdP URL is http://idp2.com and the entity ID is http://x.y.com/idp2
  3. ccc.com is mapped to /content/geometrixx/de, the IdP URL is http://idp3.com and the entity ID is http://x.y.com/idp3

Create 3 AEM SAML configs with almost the same settings, the differences being

  1. For the first config, path is /content/geometrixx/en, the IdP URL is http://idp1.com and the entity ID is http://x.y.com/idp1
  2. For the second config, path is /content/geometrixx/fr, the IdP URL is http://idp2.com and the entity ID is http://x.y.com/idp2
  3. For the third config, path is /content/geometrixx/de, the IdP URL is http://idp3.com and the entity ID is http://x.y.com/idp3

Thanks,
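A concrete version of the three configs described in the reply above, written as an added example; it is not from the thread, from the poster, or from Adobe. It shows three factory instances of the SAML Authentication Handler as OSGi .config files in a publish run-mode folder, differing only in path, idpUrl, serviceProviderEntityId and (where the IdPs sign with different certificates) idpCertAlias. The content paths and entity IDs are the ones assumed in the reply; the project folder name, the alias names, the keystore password (the one set when the keystore was created for the authentication-service user), the userIDAttribute and the redirect targets are assumptions for illustration. The IdP URLs use https rather than the http of the thread, since SAML responses carry the user's identity and must not travel over plain http.

```properties
# /apps/mysite/config.publish/com.adobe.granite.auth.saml.SamlAuthenticationHandler-aaa.config
# Handler for aaa.com, whose Sling mapping points at /content/geometrixx/en
path="/content/geometrixx/en"
idpUrl="https://idp1.com"
serviceProviderEntityId="http://x.y.com/idp1"
idpCertAlias="idp1-signing"
spPrivateKeyAlias="aaa-saml"
keyStorePassword="changeit"
userIDAttribute="uid"
idpHttpRedirect=B"true"
createUser=B"true"
handleLogout=B"true"
defaultRedirectUrl="/content/geometrixx/en.html"

# /apps/mysite/config.publish/com.adobe.granite.auth.saml.SamlAuthenticationHandler-bbb.config
# Handler for bbb.com, mapped to /content/geometrixx/fr
path="/content/geometrixx/fr"
idpUrl="https://idp2.com"
serviceProviderEntityId="http://x.y.com/idp2"
idpCertAlias="idp2-signing"
spPrivateKeyAlias="bbb-saml"
keyStorePassword="changeit"
userIDAttribute="uid"
idpHttpRedirect=B"true"
createUser=B"true"
handleLogout=B"true"
defaultRedirectUrl="/content/geometrixx/fr.html"

# /apps/mysite/config.publish/com.adobe.granite.auth.saml.SamlAuthenticationHandler-ccc.config
# Handler for ccc.com, mapped to /content/geometrixx/de
path="/content/geometrixx/de"
idpUrl="https://idp3.com"
serviceProviderEntityId="http://x.y.com/idp3"
idpCertAlias="idp3-signing"
spPrivateKeyAlias="ccc-saml"
keyStorePassword="changeit"
userIDAttribute="uid"
idpHttpRedirect=B"true"
createUser=B"true"
handleLogout=B"true"
defaultRedirectUrl="/content/geometrixx/de.html"
```

Each handler is selected by the request's resource path, so the Sling mapping for each host has to resolve under that handler's path for the right IdP to be used. On the IdP side this means three separate SP registrations, one per entity ID, each with its own site's host as the assertion consumer endpoint. If all three IdP endpoints sign with the same certificate, the three idpCertAlias values collapse to the single alias AEM creates for it.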

Gunalan_V (Author)
Level 3
April 28, 2017


Thanks a lot MC Stuff for the quick reply!

A few more queries.

1. When you say "create 3 saml config", you want me to create 3 SAML handlers with different URLs/entity IDs, etc., right?

2. As you mentioned, if we are able to use 3 IDP URLs in 3 different SAML handlers, could you please let me know how the truststore and keystore work? As of now we have configured the truststore with the IDP1 certificate and the keystore with the aaa.com SSL certificate.

            -    Will the request from yyy.com be trusted with the IDP1 (truststore) and zzz.com (keystore) certificates?

Thanks in advance.

Regards,

GVK

MC_Stuff (Accepted solution)
Level 10
April 29, 2017

Gunalan V wrote...

1. When you say "create 3 saml config", you want me to create 3 SAML handlers with different URLs/entity IDs, etc., right?

Yes

2. As you mentioned, if we are able to use 3 IDP URLs in 3 different SAML handlers, could you please let me know how the truststore and keystore work?

There is no limitation on the number of certificates you can upload into the truststore or keystore.

As of now we have configured the truststore with the IDP1 certificate and the keystore with the aaa.com SSL certificate.

            -    Will the request from yyy.com be trusted with the IDP1 (truststore) and zzz.com (keystore) certificates?

AEM has built-in logic: if a duplicate certificate is uploaded it will not create a new one. If all 3 certificates turn out to be the same you will see one alias; use that for all configs. In case they are different you will have different aliases created; use that alias in the corresponding SAML config.
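The accepted answer says AEM collapses byte-identical certificates into one truststore alias and creates a separate alias for each distinct one, so the number of aliases you end up with depends on whether the three IdP endpoints actually sign with the same certificate. The following is an added example, not code from the thread or from AEM, of the check an administrator would run on the three IdP signing certificates before uploading them: it computes the SHA-256 fingerprint of each certificate's DER bytes (the same value openssl x509 -fingerprint -sha256 prints) and groups the sites by fingerprint, so you know in advance whether one alias or three will appear and which idpCertAlias each handler must reference. The site names and the certificate contents are constructed: the PEM blocks are stand-in payloads, not real X.509 data, since the fingerprint step only hashes the decoded bytes.

```python
"""
Group the IdP signing certificates of several sites by SHA-256 fingerprint.
One group means a single truststore alias will serve every SAML handler;
several groups mean each handler's idpCertAlias must point at its own alias.
"""
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)


def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of the first CERTIFICATE block in a PEM string."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    body = re.sub(r"\s+", "", m.group(1))  # drop the 64-column PEM line wrapping
    return base64.b64decode(body, validate=True)


def fingerprint(pem: str) -> str:
    """SHA-256 fingerprint of the DER bytes, colon-separated as openssl prints it."""
    digest = hashlib.sha256(pem_to_der(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def group_by_certificate(site_certs: dict) -> dict:
    """Map each distinct fingerprint to the list of sites whose IdP uses it.

    Two PEM files that differ only in whitespace or file name still land in the
    same group, which is exactly the case where AEM keeps a single alias.
    """
    groups = {}
    for site, pem in site_certs.items():
        groups.setdefault(fingerprint(pem), []).append(site)
    return groups


# Constructed sample input: stand-in payloads wrapped as PEM, not real X.509
# certificates.  idp1 and idp2 share one "certificate"; idp3 has its own.
def _fake_pem(payload: bytes) -> str:
    b64 = base64.b64encode(payload).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


SITE_CERTS = {
    "aaa.com": _fake_pem(b"idp-signing-cert-shared-" * 4),
    "bbb.com": _fake_pem(b"idp-signing-cert-shared-" * 4),   # same bytes as aaa.com
    "ccc.com": _fake_pem(b"idp-signing-cert-dedicated-" * 4),
}

if __name__ == "__main__":
    for fp, sites in group_by_certificate(SITE_CERTS).items():
        print(f"{fp}\n  one truststore alias for: {', '.join(sites)}")
```

Run against the real PEM files exported from each IdP's metadata, the output tells you whether the handlers for aaa.com and bbb.com can share an idpCertAlias while ccc.com needs its own; compare the printed fingerprints with what the truststore UI shows after upload to confirm which alias was created for which certificate.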

Gunalan_V (Author)
Level 3
May 3, 2017

Thank you MC Stuff!

I was able to add multiple certificates to the truststore and keystore in my local AEM. I will try a lower environment and get your help if there are any issues.

Regards,

GVK 

August 25, 2018

Hi Gunalan,

I am trying to add a new certificate to the truststore. It always replaces the existing one, even though the certificates are different.

Any pointers would be helpful. And what is the logic of that built-in feature for comparing certificates?

Regards,

Akash B.