
Why does AEM 6.5 not redirect to original requested page after SAML Auth


Level 2

I am working with AEM 6.5 and have implemented SAML AuthN using Okta as my IdP.

 

I added the OSGi, configured Okta and extended the AuthenticationInfoPostProcessor, all appears to be working.

 

The auth process flow is as follows:

siteA.com/some/protected/page.html -> (redirect to) okta.com -> POST siteA.com/saml_login -> GET siteA.com/some/protected/page.html

All of that works great. Now I add another site, siteB, and here is what happens with that one.

siteB.com (all pages are protected) -> (redirect to) okta.com -> POST siteA.com/saml_login -> GET siteA.com

 

Okta is intentionally configured to use an endpoint on siteA, as that is my main site, and Okta for SAML login only supports a single redirect URL.

 

Is this some issue with cookies not being available for the postProcess?
Is there a way I can resolve this?

 

EDIT:
So, I think this is a cookie issue. Since my postProcess is on siteA, any cookies set by siteB are not sent to siteA after the Okta login (specifically the saml_request_path cookie). Given that my sites are at two different top-level domains, what options do I have?

Also, is there an interface that I can implement to run code BEFORE the Okta redirect?
e.g. siteA.com/protected/page.html -> (run some server side code before redirect) -> Okta...
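The two flows from this post, modelled as an added example in Python (this is not AEM's SAML handler nor the poster's code). A host-scoped cookie jar plays the browser; the SAML handler is reduced to the two steps that matter here: it writes the requested path into the saml_request_path cookie on the host that was asked before redirecting to the IdP, and on the POST to siteA.com/saml_login it reads back only the cookies the browser sends to siteA.com. The IdP URL, the landing path on siteB, and the `safe_redirect_target` helper are assumptions not found in the thread; the helper is the check a reviewer would want wherever the post-login target comes from a client-supplied carrier such as a cookie or RelayState.

```python
from urllib.parse import urlsplit

SAML_COOKIE = "saml_request_path"  # cookie name used by the AEM SAML handler (named in the question)
ACS_HOST = "siteA.com"             # the single SAML POST/redirect host registered with Okta


class BrowserCookieJar:
    """Stand-in for the browser: cookies are scoped to the host that set them, so a
    cookie written while on siteB.com is never attached to a request to siteA.com
    (different registrable domains, no shared parent domain)."""

    def __init__(self):
        self._jar = {}  # lower-cased host -> {cookie name: value}

    def set_cookie(self, host, name, value):
        self._jar.setdefault(host.lower(), {})[name] = value

    def cookies_for(self, host):
        return dict(self._jar.get(host.lower(), {}))


def request_protected_page(jar, url):
    """Unauthenticated GET on a protected page: the handler records the requested
    path in a cookie on the host that was asked, then sends the user to the IdP."""
    parts = urlsplit(url)
    jar.set_cookie(parts.hostname, SAML_COOKIE, parts.path or "/")
    return "https://okta.example/app/sso"  # constructed IdP URL, not a real tenant


def safe_redirect_target(path, default="/"):
    """Only honour a same-host path: no absolute URL, no protocol-relative //host,
    no backslash variants that browsers normalise to //host. Anything else falls
    back to the default so a cookie or RelayState value cannot become an open redirect."""
    if not path or not path.startswith("/"):
        return default
    if len(path) > 1 and path[1] in "/\\":
        return default
    if "\\" in path or urlsplit(path).netloc:
        return default
    return path


def saml_login_post(jar):
    """Okta POSTs the assertion to siteA.com/saml_login. The handler sees only the
    cookies the browser attaches to that host and picks the redirect from them."""
    cookies = jar.cookies_for(ACS_HOST)
    return safe_redirect_target(cookies.get(SAML_COOKIE))


def flow_site_a():
    """siteA.com/some/protected/page.html -> okta -> POST siteA.com/saml_login"""
    jar = BrowserCookieJar()
    request_protected_page(jar, "https://siteA.com/some/protected/page.html")
    return saml_login_post(jar)  # cookie was set on siteA.com, so the path comes back


def flow_site_b():
    """siteB.com/landing.html -> okta -> POST siteA.com/saml_login (landing path is assumed)"""
    jar = BrowserCookieJar()
    request_protected_page(jar, "https://siteB.com/landing.html")
    return saml_login_post(jar)  # cookie lives on siteB.com; siteA.com never receives it


if __name__ == "__main__":
    print("siteA flow lands on:", flow_site_a())  # /some/protected/page.html
    print("siteB flow lands on:", flow_site_b())  # / (cookie not visible on siteA.com)
```

Running the two flows reproduces the symptom in the question: the siteA flow returns to the requested page, while the siteB flow lands on the root of siteA because the only carrier of the original path is a cookie that siteA.com never receives. Whatever carrier replaces it, the target should pass a check like `safe_redirect_target` before the handler issues the redirect.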

2 Replies


Community Advisor

Can you try to set the saml_request_path cookie with the landing page when the login is clicked and see?

 

[attached screenshot: Saravanan_Dharmaraj_0-1666119375913.png]

 


Level 2

There is no login button or landing page, the entire site requires authentication.