Hello,
After upgrading from AEM 6.2 to AEM 6.3 we are seeing issue in SAML.
It was getting redirected to IDP and authenticated successfully in AEM 6.2 but now it's not getting redirected to IDP itself.
In the logs we could see CUG related as null. Not sure if this mandatory and need to be configured somewhere apart from SAML Authentication Handler.
Can some one please let me know if anything (configuration or proceed) need to be modified from AEM 6.2 as the adobe documentation doesn't seem to be updated yet?
Adobe 6.3 Document URL: SAML 2.0 Authentication Handler
Logs
04.04.2018 03:46:52.874 *INFO* [qtp194334932-30151] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
04.04.2018 03:46:52.875 *INFO* [qtp194334932-30151] com.day.cq.auth.impl.HTTPAuthHandler CUG realm: null
04.04.2018 03:46:52.996 *INFO* [qtp194334932-29656] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
04.04.2018 03:46:53.942 *INFO* [10.36.146.158 [1522813613941] GET /libs/granite/core/content/login.html HTTP/1.1] com.test.service.securityServiceImpl Checking access for the loggin user.
Collect the HAR trace for the complete cycle and attach debug saml logs and saml config, I can review it for you. PM if need be.