Hi, we are trying to switch to a new IDP, and with the current instructions on SAML handler configuration, we get these entries in the SAML log.
Also, the authenticator fails to validate the assertion and keeps sending the request back to the IDP.
Has anyone experienced this?
21.04.2016 14:01:01.470 *DEBUG* [qtp349494818-1145] com.adobe.granite.auth.saml.util.RetrievalMethodEncryptedKeyResolver Lookup and resolve secret key:
21.04.2016 14:01:01.489 *DEBUG* [qtp349494818-1145] com.adobe.granite.auth.saml.util.RetrievalMethodEncryptedKeyResolver Got secret key: javax.crypto.spec.SecretKeySpec**********
21.04.2016 14:01:01.502 *DEBUG* [qtp349494818-1145] com.adobe.granite.auth.saml.model.Assertion Invalid Assertion: Signature invalid.
21.04.2016 14:01:01.502 *INFO* [qtp349494818-1145] com.adobe.granite.auth.saml.SamlAuthenticationHandler Login failed. SAML token invalid.
1. Compare the public certificate of the new IDP with the one uploaded in AEM which is resolved by the alias in the SAML handler config.
2. It appears you're using encrypted assertions. Ensure the encryption and decryption keys are correctly configured between AEM and IDP.
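The certificate comparison from step 1, as an added example that is not part of the original reply or of AEM: it checks whether a PEM certificate matches any signing certificate in the IdP's SAML metadata by SHA-256 fingerprint. It assumes the metadata XML has been downloaded from the new IdP and the certificate behind the handler's alias has been exported as PEM; all function names are hypothetical, and the sample data is constructed placeholder bytes rather than real certificates.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def der_fingerprint(b64_text):
    """SHA-256 over the decoded DER bytes; whitespace and line wrapping are ignored."""
    return hashlib.sha256(base64.b64decode("".join(b64_text.split()))).hexdigest()

def idp_signing_fingerprints(metadata_xml):
    """Fingerprints of every certificate the IdP metadata publishes for signing."""
    fps = set()
    root = ET.fromstring(metadata_xml)
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without "use" applies to both signing and encryption.
        if kd.get("use", "signing") == "signing":
            fps.update(der_fingerprint(c.text) for c in kd.iterfind(".//ds:X509Certificate", NS))
    return fps

def pem_fingerprint(pem):
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if m is None:
        raise ValueError("no PEM certificate block found")
    return der_fingerprint(m.group(1))

def truststore_matches(metadata_xml, exported_pem):
    """True if the exported certificate is one the IdP currently signs with."""
    return pem_fingerprint(exported_pem) in idp_signing_fingerprints(metadata_xml)

# Constructed sample data: placeholder bytes, not real certificates.
def sample_b64(raw):
    return base64.b64encode(raw).decode()

def sample_pem(raw):
    return f"-----BEGIN CERTIFICATE-----\n{sample_b64(raw)}\n-----END CERTIFICATE-----\n"

NEW_B64 = sample_b64(b"constructed-new-idp-cert")
STALE_PEM = sample_pem(b"constructed-old-idp-cert")    # cert of the previous IdP
CURRENT_PEM = sample_pem(b"constructed-new-idp-cert")  # cert of the new IdP
METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="https://idp.example.test">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   {NEW_B64[:16]}
   {NEW_B64[16:]}
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{sample_b64(b"constructed-enc-cert")}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
```

A mismatch here means the signature check is being made against a certificate the IdP is not signing with.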
Please recheck your configurations. I faced one such issue. First make sure the idp_cert file is correct, and please revisit the groups that are to be added in the config. Add everyone, content-authors in the group and check.
Thanks
Tuhin
Hi,
Please have a look at these old forum posts with a similar problem and its solution:
//SAML Identity provider - Infinite loop
//AutoCreate CRX users/ Add to groups for SAML handler does not work [AEM 6.1]
//AEM SAML integration, added users to CRX repo after authentication
//SAML AEM infinite loop
All of them faced this infinite loop problem and were able to fix it up.
I hope this will help you a lot.
Thanks and Regards
Kautuk Sahni