I am working with AEM 6.5 and have implemented SAML AuthN using Okta as my IdP.
I added the OSGi, configured Okta and extended the AuthenticationInfoPostProcessor, all appears to be working.
The auth process flow is as follows:
siteA.com/some/protected/page.html -> (redirect to) okta.com -> POST siteA.com/saml_login -> GET siteA.com/some/protected/page.html
All of that works great, now i add another site siteB and here is what happens with that one.
siteB.com (all pages are protected) -> (redirect to) okta.com -> POST siteA.com/saml_login -> GET siteA.com
Okta is intentionally configured to use an endpoint on siteA as that is my main site and okta for SAML login only supports a single redirect URL.
Is this some issue with cookies not being available for the postProcess?
Is there a way i can resolve this?
So, i think this is a cookie issue. Since my postProcess is on siteA any cookies set by siteB are not sent to siteA after Okta login (specifically the saml_request_path), given that my sites are at 2 different top-level domains, what options do i have?
Also, is there an interface that I can implement to run code BEFORE the okta redirect?
e.g. siteA.some/protected/page.html -> (run some server side code before redirect) -> Okta...