An AEM Communities configuration that uses an ASRP requires replication of the crypto key. When the same AEM instance also uses SAML authentication, the crypto key setup can result in the following error:
org.apache.sling.api.SlingException: Cannot get DefaultSlingScript: org.apache.sling.api.SlingException: Cannot get DefaultSlingScript: org.apache.sling.api.SlingException: Cannot get DefaultSlingScript: com.adobe.cq.social.SocialException: com.adobe.cq.social.srp.config.SRPConfigurationError: com.adobe.granite.crypto.CryptoException: Cannot convert byte data
A possible solution includes reconfiguring the AEM truststore and keystore:
1. Refresh Crypto bundle:
- Go to http://<publiship>:<port>/system/console/configMgr
- Search for ‘Adobe Granite Crypto Support’.
- Hit refresh.
- Wait for the instance to respond.
- Bundle Verification: Make sure these are running & show the correct version.
2. Delete existing truststore and keystore:
- Go to crx/de and move these nodes to /tmp:
- /etc/truststore/truststore.p12
- /home/users/system/authentication-service/keystore
3. Delete existing SAML Config:
- Go to http://<publiship>:4503/system/console/configMgr
- Search for ‘Adobe Granite SAML 2.0 Authentication Handler’
- Delete all the configurations underneath
4. Reconfigure truststore-keystore and re-apply Replicate the Crypto Key.
5. Bundle Verification: Make sure these are running & show the correct version.
6. Check on system/console/configMgr that you do not have multiple configurations for AEM Communities Cloud Storage Resource Provider.
7. Validate SAML and ASRP configuration.
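
Step 2 can also be scripted so the old truststore and keystore are kept as timestamped backups under /tmp. The following is an added example, not part of the original article: it assumes the Sling POST servlet's move operation is used instead of crx/de, and the variable names AEM_URL, AEM_USER and APPLY are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): scripted form of step 2.
# Assumptions: AEM_URL, AEM_USER and APPLY are hypothetical variable names;
# the move uses the Sling POST servlet instead of crx/de.

AEM_URL="${AEM_URL:-http://localhost:4503}"  # constructed default
AEM_USER="${AEM_USER:-admin}"                # constructed default
# Node paths exactly as listed in step 2 of the page.
NODES="/etc/truststore/truststore.p12 /home/users/system/authentication-service/keystore"

# backup_dest SRC STAMP: destination under /tmp, unique per run so an
# earlier backup is never overwritten.
backup_dest() {
    printf '/tmp/%s-%s\n' "$(basename "$1")" "$2"
}

# plan_moves STAMP: print one "source -> destination" line per node.
plan_moves() {
    for node in $NODES; do
        printf '%s -> %s\n' "$node" "$(backup_dest "$node" "$1")"
    done
}

# move_node SRC DEST: move one node via the Sling POST servlet.
# curl prompts for the password, keeping it out of the process list.
move_node() {
    curl -sS -f -o /dev/null -u "$AEM_USER" \
        -F ':operation=move' -F ":dest=$2" "${AEM_URL}$1"
}

# run_backup STAMP: dry run unless APPLY=1 is set.
run_backup() {
    if [ "${APPLY:-0}" != "1" ]; then
        echo "Dry run, set APPLY=1 to execute:"
        plan_moves "$1"
        return 0
    fi
    for node in $NODES; do
        dest=$(backup_dest "$node" "$1")
        move_node "$node" "$dest" || { echo "failed: $node" >&2; return 1; }
        echo "moved $node -> $dest"
    done
}

run_backup "$(date +%Y%m%d%H%M%S)"
```

Without APPLY=1 the script only prints the planned moves, so the destinations can be reviewed before anything in the repository changes.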