When an AEM Publish instance is configured with multiple SAML configurations (a single IDP with multiple AEM domains), only one of the configurations works. When only one SAML configuration is kept and the others are removed, everything works as expected.
Use the Assertion Consumer URL to make sure the IDP sends the response to the respective configuration.
Make sure that the "Assertion Consumer URL" property is configured based on the "path" variable in the SAML config.
Example with www.abc.com mapped to /content/abc and www.xyz.com mapped to /content/xyz on the same AEM instance:
- Path variable for the SAML configuration (www.abc.com) should be configured as /content/abc, and the assertion consumer URL for the IDP/SAML configuration should be https://www.abc.com/content/abc/saml_login
- Path variable for the SAML configuration (www.xyz.com) should be configured as /content/xyz, and the assertion consumer URL for the IDP/SAML configuration should be https://www.xyz.com/content/xyz/saml_login
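
The rule above can be checked before deployment. The following is an added example, not Adobe's code: it assumes the SAML configurations have been exported into plain dictionaries, and the keys `name`, `path` and `acs_url`, the function name and the sample data are all hypothetical. The https check mirrors the URLs in the example above.

```python
from urllib.parse import urlsplit

# Constructed sample data: domain -> content root, as in the example above.
DOMAIN_ROOTS = {"www.abc.com": "/content/abc", "www.xyz.com": "/content/xyz"}

# Constructed: both configurations follow the rule.
GOOD = [
    {"name": "abc", "path": "/content/abc",
     "acs_url": "https://www.abc.com/content/abc/saml_login"},
    {"name": "xyz", "path": "/content/xyz",
     "acs_url": "https://www.xyz.com/content/xyz/saml_login"},
]

# Constructed: the xyz ACS URL is not under that configuration's path.
BAD = [
    GOOD[0],
    {"name": "xyz", "path": "/content/xyz",
     "acs_url": "https://www.xyz.com/saml_login"},
]


def check_saml_configs(configs, domain_roots):
    """Return (config name, problem) tuples; an empty list means consistent."""
    problems = []
    seen_paths = {}
    for cfg in configs:
        name, path = cfg["name"], cfg["path"].rstrip("/")
        acs = urlsplit(cfg["acs_url"])
        # Two configurations on the same path compete for the same requests.
        if path in seen_paths:
            problems.append((name, f"path {path} already used by {seen_paths[path]}"))
        seen_paths.setdefault(path, name)
        if acs.scheme != "https":
            problems.append((name, "ACS URL is not https"))
        # The ACS URL must land under this configuration's own path.
        expected = f"{path}/saml_login"
        if acs.path != expected:
            problems.append((name, f"ACS path is {acs.path}, expected {expected}"))
        # The ACS host must be the domain mapped to this content root.
        if domain_roots.get(acs.hostname) != path:
            problems.append((name, f"host {acs.hostname} is not mapped to {path}"))
    return problems


if __name__ == "__main__":
    for name, problem in check_saml_configs(BAD, DOMAIN_ROOTS):
        print(f"{name}: {problem}")
```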