We have a few gated applications using SAML authentication with Okta as the IdP platform.
On Okta, we created a certificate for one gated application and uploaded it to AEM. All the functionality works as expected for that gated application.
Whenever we try to log in to the other gated applications, we are redirected to /error/404.html.
It looks like one certificate will work for only one application. We can create multiple certificates on Okta, but on AEM we are unable to upload more than one certificate. If we try to upload a new certificate, it overrides the old one and gives us a new cert_alias name.
How can we upload multiple certificates to the publisher?
Also, we are seeing the below error in saml.log:
01.12.2021 10:56:44.366 *INFO* [qtp2145671214-11099] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: invalid_token detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=invalid_token
Solutions tried / observations:
1. serviceProviderEntityId and the audience value returned are the same.
2. /libs/granite/csrf/token.json returns null after login.
   a. Dispatcher rules were verified and look good.
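When triaging an invalid_token rejection like the one above, the two things worth checking for each gated application are whether the Audience in the assertion matches the serviceProviderEntityId of the SAML handler, and which IdP signing certificate the assertion actually carries, so its fingerprint can be compared with the certificate stored under the cert_alias in AEM's keystore. The script below is an added example, not code from the original post, Okta or Adobe. It assumes a constructed SAML Response with a placeholder (non-real) X509Certificate blob and hypothetical entity ID URLs, and it only identifies the signer certificate and audience; it does not verify the XML signature itself, which AEM's SamlAuthenticationHandler does.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

# Namespaces used in a SAML 2.0 Response / Assertion and its XML-DSig block.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Matches the reason/redirect portion of the AEM saml.log entry quoted in the post.
LOG_RE = re.compile(
    r"SAML error with reason: (?P<reason>\w+) detected, redirect user to: (?P<redirect>\S+)"
)


def parse_saml_log_line(line):
    """Return the failure reason and redirect target from a saml.log line, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return {"reason": m.group("reason"), "redirect": m.group("redirect")}


def cert_fingerprint(cert_b64):
    """SHA-256 fingerprint (hex) of a base64 DER certificate as found in ds:X509Certificate."""
    der = base64.b64decode("".join(cert_b64.split()))
    return hashlib.sha256(der).hexdigest()


def check_response(response_xml, sp_entity_id, trusted_fingerprints):
    """Report whether the assertion's Audience matches the SP entity ID and whether
    the certificate embedded in the assertion signature is one we expect AEM to hold.
    This does NOT validate the signature; it only identifies which IdP cert was used."""
    root = ET.fromstring(response_xml)
    audiences = [a.text.strip() for a in root.findall(".//saml:Audience", NS) if a.text]
    certs = [c.text for c in root.findall(".//ds:X509Certificate", NS) if c.text]
    signer_fps = [cert_fingerprint(c) for c in certs]
    return {
        "audiences": audiences,
        "audience_ok": sp_entity_id in audiences,
        "signer_fingerprints": signer_fps,
        "signer_ok": any(fp in trusted_fingerprints for fp in signer_fps),
    }


# --- Constructed sample input (not real data) ---------------------------------
SAMPLE_LOG_LINE = (
    "01.12.2021 10:56:44.366 *INFO* [qtp2145671214-11099] "
    "com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: "
    "invalid_token detected, redirect user to: "
    "/libs/granite/core/content/login.error.html?j_reason=invalid_token"
)

# Placeholder bytes standing in for a DER certificate; a real response carries an X.509 cert here.
SAMPLE_CERT_B64 = base64.b64encode(b"PLACEHOLDER-NOT-A-REAL-CERT").decode()

# Minimal constructed Response: Signature element kept only to show where the cert lives.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>http://www.okta.com/placeholder-idp</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>http://www.okta.com/placeholder-idp</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </ds:Signature>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://aem-publish.example.com/app-one</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


if __name__ == "__main__":
    print(parse_saml_log_line(SAMPLE_LOG_LINE))
    # The trusted set would normally be the fingerprint of the cert under AEM's cert_alias.
    trusted = {cert_fingerprint(SAMPLE_CERT_B64)}
    print(check_response(SAMPLE_RESPONSE, "https://aem-publish.example.com/app-one", trusted))
    print(check_response(SAMPLE_RESPONSE, "https://aem-publish.example.com/app-two", set()))
```

Run it against a decoded SAMLResponse captured from the browser for the failing application: if audience_ok is False the SAML handler for that app is configured with a different serviceProviderEntityId than the Okta app sends, and if the reported signer fingerprint differs from the certificate stored under the cert_alias in AEM, the assertion was signed by a certificate AEM does not hold, which is consistent with only one uploaded certificate working at a time.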