SAML AEM infinite loop | Adobe Higher Education
Skip to main content
A
Adobe Employee
AmitSh5Adobe Employee
Adobe Employee
October 16, 2015
解決済み

SAML AEM infinite loop

  • October 16, 2015
  • 9 の返信
  • 5513 ビュー

Hi,

While configuring SAML on AEM I am getting below error in error.log. SAML logs are proper and do not have any error.
 
08.04.2015 10:48:13.902 *INFO* [qtp1468301140-454] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
08.04.2015 10:48:13.949 *ERROR* [qtp1468301140-454] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed

Any help.

\Amit

このトピックへの返信は締め切られました。
ベストアンサー Sham_HC

Your config & response looks correct. I would always recommend to configure userid attribute even though it fall back to nameid.

For now seems like service ranking or different redirect url or case sensitive or same where request got flushed and causing the issue.  Can you try below and attach additional details

1)   configure defaultRedirectUrl in samlauthenticationHandler to  /content/gss-portal.html instead of /

2)       Enable debug for "com.adobe.granite.saml" and repeat the test case and attach if issue persist

*)   Latest logs

*)   Snapshot of http://host:port/system/console/slingauth

9 の返信

Lokesh_Shivalingaiah
Lokesh_Shivalingaiah
Level 10
October 16, 2015

Looks like, its the issue with the credentials. Please check these if it helps

https://helpx.adobe.com/experience-manager/kb/saml-demo.html

http://adobeaemclub.com/setting-saml-authentication/

G
Adobe Employee
gopalKaAdobe Employee
Adobe Employee
October 16, 2015

Please raise support ticket with proper information if the helpx link from bsloki is not helping.

A
Adobe Employee
AmitSh5Adobe Employee作成者
Adobe Employee
October 16, 2015

@bsloki

Thanks for quick revert. I have followed the link mentioned and saml logs are proper.

Sham_HC
Sham_HC
Level 10
October 16, 2015

Attach saml response, config, and samlhandler debug logs.

Sham_HC
Sham_HC
Level 10
October 16, 2015

I do not see any attachments.

A
Adobe Employee
AmitSh5Adobe Employee作成者
Adobe Employee
October 16, 2015

Hi Sham, 

Please find attached SAMLResponse & config, there are no logs in SAML, but I have error in error.log as shared above.

copying same for reference again

08.04.2015 10:48:13.902 *INFO* [qtp1468301140-454] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
08.04.2015 10:48:13.949 *ERROR* [qtp1468301140-454] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed

thanks for looking into this. 

Amit

A
Adobe Employee
AmitSh5Adobe Employee作成者
Adobe Employee
October 16, 2015
Elaborated error logs: 08.04.2015 16:23:57.373 *INFO* [127.0.0.1 [1428506637373] GET /content/gss-portal/en/na HTTP/1.1] org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Resource /content/gss-portal/en/na not found 08.04.2015 16:24:04.594 *ERROR* [qtp1468301140-517] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed 08.04.2015 16:24:05.531 *INFO* [127.0.0.1 [1428506645531] GET /etc/designs/gss-portal/provisioning-portal.css HTTP/1.1] org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Resource /etc/designs/gss-portal/provisioning-portal.css not found 08.04.2015 16:24:05.812 *INFO* [127.0.0.1 [1428506645812] GET /etc/designs/provisioning-portal/clientlibs/jquery-cookie.js HTTP/1.1] org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Resource /etc/designs/provisioning-portal/clientlibs/jquery-cookie.js not found 08.04.2015 16:24:06.328 *INFO* [127.0.0.1 [1428506646312] GET /content/gss-portal/en/na HTTP/1.1] org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Resource /content/gss-portal/en/na not found 08.04.2015 16:24:06.359 *ERROR* [qtp1468301140-524] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed 08.04.2015 16:24:06.544 *INFO* [127.0.0.1 [1428506646544] GET /etc/designs/provisioning-portal/favicon.ico HTTP/1.1] org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Resource /etc/designs/provisioning-portal/favicon.ico not found 08.04.2015 16:24:06.559 *INFO* [127.0.0.1 [1428506646544] GET /etc/designs/provisioning-portal/resources/javascripts/app.js HTTP/1.1] org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Resource /etc/designs/provisioning-portal/resources/javascripts/app.js not found 08.04.2015 16:24:06.809 *INFO* [127.0.0.1 [1428506646809] GET /etc/designs/provisioning-portal/favicon.ico HTTP/1.1] org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Resource /etc/designs/provisioning-portal/favicon.ico not found 08.04.2015 16:24:06.825 *ERROR* [127.0.0.1 [1428506646825] GET /etc/segmentation.segment.js HTTP/1.1] org.apache.sling.servlets.get.impl.DefaultGetServlet No renderer for extension js, cannot render resource JcrNodeResource, type=rep:ACL, superType=null, path=/etc/segmentation/aam/rep:policy 08.04.2015 16:24:06.825 *ERROR* [127.0.0.1 [1428506646825] GET /etc/segmentation.segment.js HTTP/1.1] org.apache.sling.servlets.get.impl.DefaultGetServlet No renderer for extension js, cannot render resource JcrNodeResource, type=rep:ACL, superType=null, path=/etc/segmentation/rep:policy 08.04.2015 16:24:07.450 *WARN* [127.0.0.1 [1428506647434] GET /etc/clientcontext/default/content/jcr:content/stores.init.js HTTP/1.1] com.adobe.cq.commerce.common.AbstractJcrCommerceSession Unable to extract locale from page /content/gss-portal/en/gss-portal, falling back to default locale en_US. 08.04.2015 16:24:08.169 *ERROR* [qtp1468301140-517] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed 08.04.2015 16:24:09.588 *ERROR* [qtp1468301140-525] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed 08.04.2015 16:24:11.088 *ERROR* [qtp1468301140-524] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed 08.04.2015 16:24:12.573 *ERROR* [qtp1468301140-522] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed 08.04.2015 16:24:14.088 *ERROR* [qtp1468301140-525] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed
Sham_HC
Sham_HC回答
Level 10
October 16, 2015

Your config & response looks correct. I would always recommend to configure userid attribute even though it fall back to nameid.

For now seems like service ranking or different redirect url or case sensitive or same where request got flushed and causing the issue.  Can you try below and attach additional details

1)   configure defaultRedirectUrl in samlauthenticationHandler to  /content/gss-portal.html instead of /

2)       Enable debug for "com.adobe.granite.saml" and repeat the test case and attach if issue persist

*)   Latest logs

*)   Snapshot of http://host:port/system/console/slingauth

A
Adobe Employee
AmitSh5Adobe Employee作成者
Adobe Employee
October 16, 2015

Thanks Sham, I was able to fix this issue with modification to redirect URI and nameId attribute as you suggested.

契約条件Accessibility statement

Loading footer...