Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Upload multiple certificates on AEM 6.4 publisher

Avatar

Level 1

Hi,

We have few gated applications with the saml authentication and Okta as IDP platform.

 

On Okta, we have created a certificate for one gated application and uploaded to AEM. All the functionalities are working as expected  for that gated application.

Whenever trying to login to the other gated applications, it is redirecting us to the /error/404.html

Looks like one certificate will work for only one application. We can create multiple certificates on Okta, but On AEM we are unable to upload more than one certificate. If we try to upload new certificates it overrides the old one and gives us the new cert_alias name.

 

How can we upload multiple certificates to the publisher?

 

Also, we are seeing the below error in the saml.log

 

We are seeing the below error in saml.log
01.12.2021 10:56:44.366 *INFO* [qtp2145671214-11099] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: invalid_token detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=invalid_token

Solutions tried/ observations :

1. serviceProviderEntityId and audience value returned are same

2. /libs/granite/csrf/token.json - returns null after login 
      a. Dispatcher rules are verified and looks good

3. login-token is not generated after login 

4. Apache Sling Referrer Filter - allowed IDP host and methods

Any pointers would be appreciated.

 

1 Accepted Solution

Avatar

Correct answer by
Level 5

Hi @sandhya1, if the CN which is the Common Name of the certificate is same for both the applications, then AEM will override the previously uploaded certificate and create a new certificate alias.

I remember such issue which happened in one of my previous organisations I was working for and we contacted Okta consultant and they were able to resolve the issue. It is probably their certificate which needs to handle multiple apps configured on same IP/machine. Please reach out to them (if not already) and they shall be able to resolve this issue.

- Jineet

View solution in original post

1 Reply

Avatar

Correct answer by
Level 5

Hi @sandhya1, if the CN which is the Common Name of the certificate is same for both the applications, then AEM will override the previously uploaded certificate and create a new certificate alias.

I remember such issue which happened in one of my previous organisations I was working for and we contacted Okta consultant and they were able to resolve the issue. It is probably their certificate which needs to handle multiple apps configured on same IP/machine. Please reach out to them (if not already) and they shall be able to resolve this issue.

- Jineet