Learn how to how to reconfigure the truststore and keystorein Adobe Experience Manager.

A configuration of AEM communities that is leveraging an ASRP, requires replication of the Crypto Key. On a scenario when the same AEM instance is using a SAML authentication the crypto key setup can result in the following error: 


org.apache.sling.api.SlingException: Cannot get DefaultSlingScript: org.apache.sling.api.SlingException: Cannot get DefaultSlingScript: org.apache.sling.api.SlingException: Cannot get DefaultSlingScript: com.adobe.cq.social.SocialException: com.adobe.cq.social.srp.config.SRPConfigurationError: com.adobe.granite.crypto.CryptoException: Cannot convert byte data

 

A possible solution includes reconfiguring AEM truststore and keystore:

1. Refresh Crypto bundle:

  • Go to http://<publiship>:<port>/system/console/configMg.
  • Search for ‘Adobe Granite Crypto Support’.
  • Hit refresh.
  • Wait for the instance to respond. 
  • Bundle Verification: Make sure these are running & show the correct version.

2. Delete existing trustsore and keystore: 

  • Go to crx/de and move these nodes to /tmp.
  • /etc/truststore/truststore.p12 .
  • /home/users/system/authentication-service/keystore.

3. Delete existing SAML Config: 

  • Go to http://<publiship>:4503/system/console/configMgr 
  • Search for ‘Adobe Granite SAML 2.0 Authentication Handler’ 
  • Delete all the configutaion underneath 

4. Reconfigure truststore-keystore and re-apply ReplicatetheCryptoKey.

5. Bundle Verification: Make sure these are running & show the correct version. 

6. Check on system/console/configMgr that you do not have multiple configurations for AEM Communities Cloud Storage Resource Provider.

7. Validate SAML and ASRP configuration.

Was this page helpful?