Go to http://aem-host:port/system/console/configMgr/org.apache.felix.http.sslfilter.SslFilter, and log in as administrator.
Issue
Once a user lands at the IDP for the SAML SSO login, the user is not routed back to the originating page. The saml_request_path is not respected on login.
Environment
AEM 6.x
Cause
If SSL is being terminated at the load balancer, then a known issue is preventing SAML redirection to the originating page.
Resolution
Assuming that the HTTPS (SSL) connection ends at the Load Balancer level, the following steps help to ensure that the saml_request_path is not lost.
-
-
Configure the values in the Apache Felix Http Service SSL Filter configuration, with the headers that load balancer uses to notify back end systems that the request was SSL. For example, Amazon ELB load balancers use these values:
SSL forward header: X-Forwarded-Proto
SSL forward value: https
For more details around SSL termination at CDNs, proxies and Load Balancers, refer the solution article.