Issue

Once a user lands at the IDP for the SAML SSO login, the user is not routed back to the originating page. The saml_request_path is not respected on login.

Environment

AEM 6.x

Cause

If SSL is being terminated at the load balancer, then a known issue is preventing SAML redirection to the originating page.

Resolution

Assuming that the HTTPS (SSL) connection ends at the Load Balancer level, the following steps help to ensure that the saml_request_path is not lost.

  1. Go to http://aem-host:port/system/console/configMgr/org.apache.felix.http.sslfilter.SslFilter, and log in as administrator.

  2. Configure the values in the Apache Felix Http Service SSL Filter configuration, with the headers that load balancer uses to notify back end systems that the request was SSL. For example, Amazon ELB load balancers use these values:

    SSL forward header: X-Forwarded-Proto

    SSL forward value: https

    For more details around SSL termination at CDNs, proxies and Load Balancers, refer the solution article.

Bu çalışma Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License kapsamında lisanslanmıştır  Creative Commons şartları, Twitter™ ve Facebook sitelerinde paylaşılanları kapsamaz.

Yasal Uyarılar   |   Çevrimiçi Gizlilik İlkesi