SAML redirection back to originating page does not work


Once a user lands at the IDP for the SAML SSO login, the user is not routed back to the originating page. The saml_request_path is not respected on login.


AEM 6.x


If SSL is being terminated at the load balancer, then a known issue is preventing SAML redirection to the originating page.


Assuming that the HTTPS (SSL) connection ends at the Load Balancer level, the following steps help to ensure that the saml_request_path is not lost.

  1. Go to http://aem-host:port/system/console/configMgr/org.apache.felix.http.sslfilter.SslFilter, and log in as administrator.

  2. Configure the values in the Apache Felix Http Service SSL Filter configuration, with the headers that load balancer uses to notify back end systems that the request was SSL. For example, Amazon ELB load balancers use these values:

    SSL forward header: X-Forwarded-Proto

    SSL forward value: https

    For more details around SSL termination at CDNs, proxies and Load Balancers, refer the solution article.