Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

AEM - SAML integration resulting in the infinite redirection post removing HTML extension from URL

Avatar

Level 2

Hello, 

I am trying to set-up the SAML integration with AEM publish following 
https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/authentication/saml-2... 
The set-up was successful and we are able to authenticate the users, get their profile etc. data synced into AEM, However, 
We also implemented the solution to strip ".html" extension from the URL and post this the SAML authentication has started in error. 

1. The SAML authentication still works but while SAML POST back, the URL goes into infinite chain of redirection between AEM and IdP provider.

(this works fine when we revert the change of .html extension)

2. Have already checked https://experienceleague.adobe.com/docs/experience-cloud-kcs/kbarticles/KA-17476.html?lang=en but this doesn't resolve issue as the same config works fine with .html extension.

 

3. The SAML config. is as follows : 

{
  "path": [ "/content/myPath"],
  "idpCertAlias": "$[env:SAML_IDP_CERT_ALIAS;default=certalias___111111111111]",
  "idpIdentifier": "$[env:SAML_IDP_ID;default=https://auth.pingone.com/xxxxxxxxxxxxxxxxxxxxx]",
  "idpUrl": "$[env:SAML_IDP_URL;default=https://auth.pingone.com/xxxxxxxxxxxxxxxxxx/saml20/idp/sso]",
  "serviceProviderEntityId": "$[env:SAML_AEM_ID;default=https://publish-pxxxxx-exxxxxx.adobeaemcloud.com]",
  "useEncryption": false,
  "createUser": true,
  "userIntermediatePath": "mySite/idp",
  "synchronizeAttributes":[
	"firstName=profile/givenName"
  ],
  "addGroupMemberships": true,
  "defaultGroups": [
	"everyone"
  ],
  "handleLogout" : true,
  "logoutUrl": "https://auth.pingone.com/xxxxxxxxxxxxxxxxxxxxxxxxxxx/saml20/idp/slo"
}


I Don't see any error in the logs of AEM publish, however, we do see the /saml_log URL coming back on POST sometime with 204 error

Do we have any dependency of SAML redirection on HTML extension and are there any ways to handle it via dispatcher rules?

@kautuk_sahni  


 

1 Accepted Solution

Avatar

Correct answer by
Level 2

This was issue with the certificate used, we refreshed the certificate and also replicated the truststore and it worked fine. 

This is one very helpful blog i found during debug and resolution of the issue 
https://www.albinsblog.com/2018/05/exceptionsissues-while-configuring-aem-saml-authentication-handle... 

View solution in original post

2 Replies

Avatar

Correct answer by
Level 2

This was issue with the certificate used, we refreshed the certificate and also replicated the truststore and it worked fine. 

This is one very helpful blog i found during debug and resolution of the issue 
https://www.albinsblog.com/2018/05/exceptionsissues-while-configuring-aem-saml-authentication-handle...