AEM - SAML integration resulting in the infinite redirection post removing HTML extension from URL
Hello,
I am trying to set-up the SAML integration with AEM publish following
https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/authentication/saml-2-0.html?lang=en
The set-up was successful and we are able to authenticate the users, get their profile etc. data synced into AEM, However,
We also implemented the solution to strip ".html" extension from the URL and post this the SAML authentication has started in error.
1. The SAML authentication still works but while SAML POST back, the URL goes into infinite chain of redirection between AEM and IdP provider.
(this works fine when we revert the change of .html extension)
2. Have already checked https://experienceleague.adobe.com/docs/experience-cloud-kcs/kbarticles/KA-17476.html?lang=en but this doesn't resolve issue as the same config works fine with .html extension.
3. The SAML config. is as follows :
{
"path": [ "/content/myPath"],
"idpCertAlias": "$[env:SAML_IDP_CERT_ALIAS;default=certalias___111111111111]",
"idpIdentifier": "$[env:SAML_IDP_ID;default=https://auth.pingone.com/xxxxxxxxxxxxxxxxxxxxx]",
"idpUrl": "$[env:SAML_IDP_URL;default=https://auth.pingone.com/xxxxxxxxxxxxxxxxxx/saml20/idp/sso]",
"serviceProviderEntityId": "$[env:SAML_AEM_ID;default=https://publish-pxxxxx-exxxxxx.adobeaemcloud.com]",
"useEncryption": false,
"createUser": true,
"userIntermediatePath": "mySite/idp",
"synchronizeAttributes":[
"firstName=profile/givenName"
],
"addGroupMemberships": true,
"defaultGroups": [
"everyone"
],
"handleLogout" : true,
"logoutUrl": "https://auth.pingone.com/xxxxxxxxxxxxxxxxxxxxxxxxxxx/saml20/idp/slo"
}
I Don't see any error in the logs of AEM publish, however, we do see the /saml_log URL coming back on POST sometime with 204 error
Do we have any dependency of SAML redirection on HTML extension and are there any ways to handle it via dispatcher rules?
@kautuk_sahni