Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
Read More.
SOLVED

Author + SAML integration: getting "Resource / not found" message

Avatar

Level 9
Level 9
12/8/22 9:25:21 PM

as above.

 

some information/notes:

 

  1. I checked the IDP metadata that was given to me by our Okta team
  2. I checked OSGI config
  3. I checked author dispatcher config
  4. I checked SAML response (using SAML tracer browser plugin) 
  5. I can successfully login to Okta
  6. I read this troubleshooting guide in case I miss something else => How to troubleshoot SAML related issues in AEM | Adobe Experience Cloud
  7. our author is behind a dispatcher and Amazon ELB (this is the flow: me => ELB => dispatcher => AEM author)
  8. encryption is turned off in the OSGI config
  9. I checked the certificate that's been uploaded vs the one provided to me by Okta team

 

Any other ideas on what else to check? Thanks

 

 

 

 

Resource at '/' not found: No resource found

Cannot serve request to / in /libs/sling/servlet/errorhandler/404.jsp
Request Progress:

      0 TIMER_START{Request Processing}
      0 COMMENT timer_end format is {<elapsed microseconds>,<timer name>} <optional message>
      3 LOG Method=GET, PathInfo=null
      4 TIMER_START{handleSecurity}
    541 TIMER_END{536,handleSecurity} authenticator org.apache.sling.auth.core.impl.SlingAuthenticator@2818261b returns true
    746 TIMER_START{ResourceResolution}
   1224 TIMER_END{477,ResourceResolution} URI=/ resolves to Resource=NonExistingResource, path=/
   1228 LOG Resource Path Info: SlingRequestPathInfo: path='/', selectorString='null', extension='null', suffix='null'
   1228 TIMER_START{ServletResolution}
   1230 TIMER_START{resolveServlet(/)}
   1713 LOG {0}: no servlet found
   1718 TIMER_END{487,resolveServlet(/)} Using servlet org.apache.sling.servlets.get.DefaultGetServlet
   1721 TIMER_END{492,ServletResolution} URI=/ handled by Servlet=org.apache.sling.servlets.get.DefaultGetServlet
   1724 LOG Applying Requestfilters
   1726 LOG Calling filter: com.adobe.granite.resourceresolverhelper.impl.ResourceResolverHelperImpl
   1730 LOG Calling filter: org.apache.sling.security.impl.ContentDispositionFilter
   1733 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter
   1735 LOG Calling filter: com.adobe.granite.httpcache.impl.InnerCacheFilter
   1740 LOG Calling filter: org.apache.sling.rewriter.impl.RewriterFilter

 

 

 

Views

959

Replies

5
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
12/11/22 8:27:10 PM
In response to jayv25585659

In the original message, there is a call via GET.

 

 1721 TIMER_END{492,ServletResolution} URI=/ handled by Servlet=org.apache.sling.servlets.get.DefaultGetServlet

 The Trace log that you have verified, is that for a successful/unsuccessful redirection?

 

Please check the request/error logs, if any GET request has reached for "saml_login"

Aanchal Sikka

View solution in original post

Views

886

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
5 Replies

Avatar

Employee Advisor
Employee Advisor
12/8/22 10:44:01 PM

@jayv25585659 

Can you check following:

At AEM, how path is configured inside OSGI config:
Adobe Granite SAML 2.0 Authentication Handler 

It can be path: /  Or path: /content 

 

At IDP, what is endpoint URL

if path: / then /saml_login is ACS endpoint.
If the path: /content then /content/saml_login is ACS endpoint.

 

Assertion Consumer Service (ACS) url is the endpoint in AEM that consumes SAML response
Following article can be helpful while troubleshooting:
https://labs.tadigital.com/index.php/2017/10/10/saml-single-sign-on-sso-for-aem-authorpublish-part-2...

Views

948

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 9
Level 9
12/11/22 4:37:50 PM
In response to krati_garg

the path is setup as "/" which is the default when I pressed the "+" to create a new SAML config.

Views

899

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
12/10/22 4:14:15 AM

Hello @jayv25585659 

 

We had a similar issue on a project. Sometimes we received GET request for "saml_login"

The "saml_login" accepts POST not GET, hence the error.

 

So, we blocked the "GET" requests to "saml_login" on author dispatcher. Example:

/0081 { /type "deny" /method "GET" /url "*/saml_login"}

Aanchal Sikka

Views

919

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 9
Level 9
12/11/22 7:25:50 PM
In response to aanchal-sikka

I checked the SAML transactions using SAML tracer and in our case, it's using POST. But thanks for the suggestion.

Views

894

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor
Community Advisor
12/11/22 8:27:10 PM
In response to jayv25585659

In the original message, there is a call via GET.

 

 1721 TIMER_END{492,ServletResolution} URI=/ handled by Servlet=org.apache.sling.servlets.get.DefaultGetServlet

 The Trace log that you have verified, is that for a successful/unsuccessful redirection?

 

Please check the request/error logs, if any GET request has reached for "saml_login"

Aanchal Sikka

Views

887

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
The show hide function does not work on click of the add button on multifield. Solved

Views

260

Likes

0

Replies

9
Hibernate AEMaaCS Author and Publish Instance & Unused Instance Costing in Cloud

Views

138

Likes

0

Replies

3
Unable to adapt resource to my slingModel in test

Views

157

Likes

0

Replies

6
Retrofit Integration with AEM Cloud

Views

792

Likes

0

Replies

2
Can anyone recommend a reliable resource or platform to prepare for the Sitecore XM Cloud Developer Exam?

Views

128

Likes

0

Replies

2