Author + SAML integration: getting "Resource / not found" message

Question

as above.

some information/notes:

I checked the IDP metadata that was given to me by our Okta team
I checked OSGI config
I checked author dispatcher config
I checked SAML response (using SAML tracer browser plugin)
I can successfully login to Okta
I read this troubleshooting guide in case I miss something else => How to troubleshoot SAML related issues in AEM | Adobe Experience Cloud
our author is behind a dispatcher and Amazon ELB (this is the flow: me => ELB => dispatcher => AEM author)
encryption is turned off in the OSGI config
I checked the certificate that's been uploaded vs the one provided to me by Okta team

Any other ideas on what else to check? Thanks

Resource at '/' not found: No resource found

Cannot serve request to / in /libs/sling/servlet/errorhandler/404.jsp
Request Progress:

      0 TIMER_START{Request Processing}
      0 COMMENT timer_end format is {<elapsed microseconds>,<timer name>} <optional message>
      3 LOG Method=GET, PathInfo=null
      4 TIMER_START{handleSecurity}
    541 TIMER_END{536,handleSecurity} authenticator org.apache.sling.auth.core.impl.SlingAuthenticator@2818261b returns true
    746 TIMER_START{ResourceResolution}
   1224 TIMER_END{477,ResourceResolution} URI=/ resolves to Resource=NonExistingResource, path=/
   1228 LOG Resource Path Info: SlingRequestPathInfo: path='/', selectorString='null', extension='null', suffix='null'
   1228 TIMER_START{ServletResolution}
   1230 TIMER_START{resolveServlet(/)}
   1713 LOG {0}: no servlet found
   1718 TIMER_END{487,resolveServlet(/)} Using servlet org.apache.sling.servlets.get.DefaultGetServlet
   1721 TIMER_END{492,ServletResolution} URI=/ handled by Servlet=org.apache.sling.servlets.get.DefaultGetServlet
   1724 LOG Applying Requestfilters
   1726 LOG Calling filter: com.adobe.granite.resourceresolverhelper.impl.ResourceResolverHelperImpl
   1730 LOG Calling filter: org.apache.sling.security.impl.ContentDispositionFilter
   1733 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter
   1735 LOG Calling filter: com.adobe.granite.httpcache.impl.InnerCacheFilter
   1740 LOG Calling filter: org.apache.sling.rewriter.impl.RewriterFilter

aanchal-sikka · Accepted Answer

In the original message, there is a call via GET.

 1721 TIMER_END{492,ServletResolution} URI=/ handled by Servlet=org.apache.sling.servlets.get.DefaultGetServlet

The Trace log that you have verified, is that for a successful/unsuccessful redirection?

Please check the request/error logs, if any GET request has reached for "saml_login"

krati_garg · Answer

@jayv25585659 Can you check following:At AEM, how path is configured inside OSGI config:Adobe Granite SAML 2.0 Authentication Handler It can be path: /  Or path: /content  At IDP, what is endpoint URLif path: / then /saml_login is ACS endpoint.If the path: /content then /content/saml_login is ACS endpoint. Assertion Consumer Service (ACS) url is the endpoint in AEM that consumes SAML responseFollowing article can be helpful while troubleshooting:https://labs.tadigital.com/index.php/2017/10/10/saml-single-sign-on-sso-for-aem-authorpublish-part-2/

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded