Expand my Community achievements bar.

SOLVED

Upload multiple certificates on AEM 6.4 publisher

Avatar

Level 1
Level 1
12/6/21 1:21:12 PM

Hi,

We have few gated applications with the saml authentication and Okta as IDP platform.

 

On Okta, we have created a certificate for one gated application and uploaded to AEM. All the functionalities are working as expected  for that gated application.

Whenever trying to login to the other gated applications, it is redirecting us to the /error/404.html

Looks like one certificate will work for only one application. We can create multiple certificates on Okta, but On AEM we are unable to upload more than one certificate. If we try to upload new certificates it overrides the old one and gives us the new cert_alias name.

 

How can we upload multiple certificates to the publisher?

 

Also, we are seeing the below error in the saml.log

 

We are seeing the below error in saml.log
01.12.2021 10:56:44.366 *INFO* [qtp2145671214-11099] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: invalid_token detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=invalid_token

Solutions tried/ observations :

1. serviceProviderEntityId and audience value returned are same

2. /libs/granite/csrf/token.json - returns null after login 
      a. Dispatcher rules are verified and looks good

3. login-token is not generated after login 

4. Apache Sling Referrer Filter - allowed IDP host and methods

Any pointers would be appreciated.

 

Views

480

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
2/20/22 10:48:39 AM

Hi @sandhya1, if the CN which is the Common Name of the certificate is same for both the applications, then AEM will override the previously uploaded certificate and create a new certificate alias.

I remember such issue which happened in one of my previous organisations I was working for and we contacted Okta consultant and they were able to resolve the issue. It is probably their certificate which needs to handle multiple apps configured on same IP/machine. Please reach out to them (if not already) and they shall be able to resolve this issue.

- Jineet

View solution in original post

Views

406

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
1 Reply

Avatar

Correct answer by
Community Advisor
Community Advisor
2/20/22 10:48:39 AM

Hi @sandhya1, if the CN which is the Common Name of the certificate is same for both the applications, then AEM will override the previously uploaded certificate and create a new certificate alias.

I remember such issue which happened in one of my previous organisations I was working for and we contacted Okta consultant and they were able to resolve the issue. It is probably their certificate which needs to handle multiple apps configured on same IP/machine. Please reach out to them (if not already) and they shall be able to resolve this issue.

- Jineet

Views

407

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply