6.1 saml authenticator infinite loop

Level 1

Hi, we are trying to switch to a new IDP, and with the current instructions on SAML handler configuration we get these entries in the SAML log.
Also, the authenticator fails to validate the assertion and keeps sending the request back to the IDP.

Has anyone experienced this?

21.04.2016 14:01:01.470 *DEBUG* [qtp349494818-1145] com.adobe.granite.auth.saml.util.RetrievalMethodEncryptedKeyResolver Lookup and resolve secret key:
21.04.2016 14:01:01.489 *DEBUG* [qtp349494818-1145] com.adobe.granite.auth.saml.util.RetrievalMethodEncryptedKeyResolver Got secret key: javax.crypto.spec.SecretKeySpec**********
21.04.2016 14:01:01.502 *DEBUG* [qtp349494818-1145] com.adobe.granite.auth.saml.model.Assertion Invalid Assertion: Signature invalid.
21.04.2016 14:01:01.502 *INFO* [qtp349494818-1145] com.adobe.granite.auth.saml.SamlAuthenticationHandler Login failed. SAML token invalid.

3 Replies

Level 3

1. Compare the public certificate of the new IDP with the one uploaded in AEM which is resolved by the alias in the SAML handler config.

2. It appears you're using encrypted assertions. Ensure the encryption and decryption keys are correctly configured between AEM and IDP.
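
The certificate comparison suggested in step 1, as an added example that is not part of the original reply and is not Adobe's code: it pulls the signing certificates out of SAML 2.0 IdP metadata and checks whether the certificate exported from the AEM truststore matches one of them by SHA-256 fingerprint. It assumes the IdP publishes standard metadata XML and the truststore entry is available as PEM; the metadata and "certificate" bytes below are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def fingerprint(der):
    """SHA-256 over the DER bytes, the value most certificate tools display."""
    return hashlib.sha256(der).hexdigest()

def pem_to_der(pem):
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()))

def idp_signing_fingerprints(metadata_xml):
    """Fingerprints of every certificate the IdP may sign assertions with."""
    found = set()
    for kd in ET.fromstring(metadata_xml).iter("{%s}KeyDescriptor" % MD):
        # A KeyDescriptor without "use" serves both signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iter("{%s}X509Certificate" % DS):
            # Metadata often wraps the base64 text across lines; strip whitespace.
            found.add(fingerprint(base64.b64decode("".join((cert.text or "").split()))))
    return found

def truststore_cert_matches(metadata_xml, truststore_pem):
    return fingerprint(pem_to_der(truststore_pem)) in idp_signing_fingerprints(metadata_xml)

# Constructed sample input: placeholder bytes standing in for DER certificates.
SIGN_B64 = base64.b64encode(b"constructed-signing-cert-bytes").decode()
ENC_B64 = base64.b64encode(b"constructed-encryption-cert-bytes").decode()
KEY = ('<md:KeyDescriptor use="%s"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
       '%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>')
SAMPLE_METADATA = (
    '<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="https://idp.example.test">'
    '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    % (MD, DS) + KEY % ("signing", SIGN_B64) + KEY % ("encryption", ENC_B64)
    + '</md:IDPSSODescriptor></md:EntityDescriptor>')

def as_pem(b64):
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % b64

if __name__ == "__main__":
    print("signing cert uploaded:   ", truststore_cert_matches(SAMPLE_METADATA, as_pem(SIGN_B64)))
    print("encryption cert uploaded:", truststore_cert_matches(SAMPLE_METADATA, as_pem(ENC_B64)))
```

A mismatch here, including the case where the IdP's encryption certificate was uploaded in place of its signing certificate, is consistent with the `Invalid Assertion: Signature invalid.` entry in the log above.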

Level 7

Please recheck your configurations. I faced one such issue. First make sure the idp_cert file is correct and please revisit the groups that are to be added in the config. Add everyone, content-authors in the group and check.

Thanks

Tuhin

Administrator

Hi 

Please have a look at these old forum posts with a similar problem and its solution:

Link:- http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manage...

//SAML Identity provider - Infinite loop

Link:- http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manage...

//AutoCreate CRX users/ Add to groups for SAML handler does not work [AEM 6.1]

Link:- http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manage...

//AEM SAML integration, added users to CRX repo after authentication

Link:- http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manage...

//SAML AEM infinite loop

All of them faced this infinite loop problem and were able to fix it up.

I hope this will help you a lot.

Thanks and Regards

Kautuk Sahni


