com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: user_sync_failed detected

saibul
Level 4

Server: AEM-6.5.1 SP-6.5.1

OS: RHEL7

Oak: 1.10.2

We use SAML for authentication; this server was migrated from AEM 6.3 to 6.5 a month back.

The users were able to log in, but recently a couple of users are not able to log in, and the "SamlAuthenticationHandler" error is captured in the error.log.

I have attached the log.

3 Replies
saibul
Level 4

Following is the log from error.log:

30.10.2019 01:25:24.837 *INFO* [qtp748111386-420442] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: user_sync_failed detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=user_sync_failed

30.10.2019 01:25:24.837 *ERROR* [qtp748111386-420442] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed

30.10.2019 01:25:26.775 *INFO* [10.20.42.43 [1572398726774] POST /bin/receive HTTP/1.1] com.day.cq.replication.impl.servlets.ReplicationServlet Processed replication action in 0ms: TEST of /content

30.10.2019 01:25:41.799 *INFO* [qtp748111386-420467] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials

30.10.2019 01:25:41.801 *WARN* [qtp748111386-420467] org.apache.sling.auth.core.AuthUtil isRedirectValid: Redirect target must not be empty or null

30.10.2019 01:25:42.217 *INFO* [sling-default-5-health-org.apache.sling.discovery.oak.SynchronizedClocksHealthCheck] org.apache.sling.discovery.oak.SynchronizedClocksHealthCheck execute: no topology connectors connected to local instance.

30.10.2019 01:25:48.755 *INFO* [qtp748111386-420467] com.adobe.granite.security.user.internal.audit.AuditGroupAction User 'wun1' was added to the group 'UG-NA-AEM-Member-Role'

30.10.2019 01:25:48.771 *INFO* [sling-oak-observation-9] com.adobe.cq.social.sync.impl.PublisherSyncServiceImpl Handing these paths to the distribution subsystem: [/home/users/M/MhG_r1SwB8knUp_Nqpgi]

30.10.2019 01:25:48.771 *INFO* [sling-oak-observation-9] com.adobe.cq.social.sync.impl.PublisherSyncServiceImpl Could not distribute the requested paths: [/home/users/M/MhG_r1SwB8knUp_Nqpgi] Error was: Agent is not available

30.10.2019 01:25:48.773 *ERROR* [qtp748111386-420467] com.adobe.granite.auth.saml.extidp.DefaultUserSync User synchronization failed: Could not access repository.

javax.jcr.RepositoryException: Failed to generate login-token: Could not access Repository

        at com.day.crx.security.token.TokenUtil.createCredentials(TokenUtil.java:103) [com.day.crx.sling.crx-auth-token:2.5.42]

        at com.adobe.granite.auth.saml.extidp.DefaultUserSync.process(DefaultUserSync.java:108) [com.adobe.granite.auth.saml:1.0.24.CQ650-B0004]

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.syncUser(SamlAuthenticationHandler.java:860) [com.adobe.granite.auth.saml:1.0.24.CQ650-B0004]

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.handleLogin(SamlAuthenticationHandler.java:852) [com.adobe.granite.auth.saml:1.0.24.CQ650-B0004]

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.extractCredentials(SamlAuthenticationHandler.java:499) [com.adobe.granite.auth.saml:1.0.24.CQ650-B0004]

        at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doExtractCredentials(AuthenticationHandlerHolder.java:76) [org.apache.sling.auth.core:1.4.2]

        at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.extractCredentials(AbstractAuthenticationHandlerHolder.java:60) [org.apache.sling.auth.core:1.4.2]

        at org.apache.sling.auth.core.impl.SlingAuthenticator.getAuthenticationInfo(SlingAuthenticator.java:735) [org.apache.sling.auth.core:1.4.2]

        at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:483) [org.apache.sling.auth.core:1.4.2]

  

        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.server.Server.handle(Server.java:502) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683) [org.apache.felix.http.jetty:4.0.8]

        at java.lang.Thread.run(Thread.java:748)

Caused by: javax.jcr.LoginException: java.lang.UnsupportedOperationException

        at java.util.AbstractCollection.add(AbstractCollection.java:262)

        at org.apache.jackrabbit.oak.security.user.UserPrincipalProvider.getGroupMembership(UserPrincipalProvider.java:267)

        at org.apache.jackrabbit.oak.security.user.UserPrincipalProvider.getMembershipPrincipals(UserPrincipalProvider.java:124)

        at org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule.getPrincipals(AbstractLoginModule.java:498)

        at org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl.commit(LoginModuleImpl.java:166)

        at org.apache.felix.jaas.boot.ProxyLoginModule.commit(ProxyLoginModule.java:57)

        at sun.reflect.GeneratedMethodAccessor3067.invoke(Unknown Source)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:498)

        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)

        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)

        at java.security.AccessController.doPrivileged(Native Method)

        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)

        at javax.security.auth.login.LoginContext.login(LoginContext.java:588)

        at org.apache.jackrabbit.oak.core.ContentRepositoryImpl.login(ContentRepositoryImpl.java:163)

        at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:282)

        at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:225)

        at org.apache.jackrabbit.oak.jcr.session.SessionImpl.impersonate(SessionImpl.java:275)

        at com.adobe.granite.repository.impl.CRX3SessionImpl.impersonate(CRX3SessionImpl.java:149)

        at com.day.crx.security.token.TokenUtil.createCredentials(TokenUtil.java:90)

        at com.adobe.granite.auth.saml.extidp.DefaultUserSync.process(DefaultUserSync.java:108)

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.syncUser(SamlAuthenticationHandler.java:860)

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.handleLogin(SamlAuthenticationHandler.java:852)

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.extractCredentials(SamlAuthenticationHandler.java:499)

        at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doExtractCredentials(AuthenticationHandlerHolder.java:76)

        at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.extractCredentials(AbstractAuthenticationHandlerHolder.java:60)

        at org.apache.sling.auth.core.impl.SlingAuthenticator.getAuthenticationInfo(SlingAuthenticator.java:735)

        at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:483)

        at org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:460)

        at org.apache.sling.engine.impl.SlingHttpContext.handleSecurity(SlingHttpContext.java:131)

        at org.apache.felix.http.base.internal.whiteboard.PerBundleServletContextImpl.handleSecurity(PerBundleServletContextImpl.java:82)

        at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:58)

        at org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1002)

        at org.apache.sling.security.impl.ReferrerFilter.doFilter(ReferrerFilter.java:326)

        at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandler.java:136)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1008)

        at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:97)

        at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandler.java:136)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1008)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.invokePreprocessors(WhiteboardManager.java:1012)

        at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:91)

        at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)

        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:873)

        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:542)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)

        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1701)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)

        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)

        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)

        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1668)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)

        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)

        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)

        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220)

        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)

        at org.eclipse.jetty.server.Server.handle(Server.java:502)

        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)

        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)

        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)

        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)

        at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)

        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)

        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)

        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)

        at java.lang.Thread.run(Thread.java:748)

        at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:290) [org.apache.jackrabbit.oak-jcr:1.10.2]

        at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:225) [org.apache.jackrabbit.oak-jcr:1.10.2]

        at org.apache.jackrabbit.oak.jcr.session.SessionImpl.impersonate(SessionImpl.java:275) [org.apache.jackrabbit.oak-jcr:1.10.2]

        at com.adobe.granite.repository.impl.CRX3SessionImpl.impersonate(CRX3SessionImpl.java:149) [com.adobe.granite.repository:1.6.28]

        at com.day.crx.security.token.TokenUtil.createCredentials(TokenUtil.java:90) [com.day.crx.sling.crx-auth-token:2.5.42]

        ... 52 common frames omitted

Caused by: javax.security.auth.login.LoginException: java.lang.UnsupportedOperationException

        at java.util.AbstractCollection.add(AbstractCollection.java:262)

        at org.apache.jackrabbit.oak.security.user.UserPrincipalProvider.getGroupMembership(UserPrincipalProvider.java:267)

        at org.apache.jackrabbit.oak.security.user.UserPrincipalProvider.getMembershipPrincipals(UserPrincipalProvider.java:124)

        at org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule.getPrincipals(AbstractLoginModule.java:498)

        at org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl.commit(LoginModuleImpl.java:166)

        at org.apache.felix.jaas.boot.ProxyLoginModule.commit(ProxyLoginModule.java:57)

        at sun.reflect.GeneratedMethodAccessor3067.invoke(Unknown Source)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:498)

        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)

        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)

        at java.security.AccessController.doPrivileged(Native Method)

        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)

        at javax.security.auth.login.LoginContext.login(LoginContext.java:588)

        at org.apache.jackrabbit.oak.core.ContentRepositoryImpl.login(ContentRepositoryImpl.java:163)

        at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:282)

        at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:225)

        at org.apache.jackrabbit.oak.jcr.session.SessionImpl.impersonate(SessionImpl.java:275)

        at com.adobe.granite.repository.impl.CRX3SessionImpl.impersonate(CRX3SessionImpl.java:149)

        at com.day.crx.security.token.TokenUtil.createCredentials(TokenUtil.java:90)

        at com.adobe.granite.auth.saml.extidp.DefaultUserSync.process(DefaultUserSync.java:108)

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.syncUser(SamlAuthenticationHandler.java:860)

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.handleLogin(SamlAuthenticationHandler.java:852)

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.extractCredentials(SamlAuthenticationHandler.java:499)

        at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doExtractCredentials(AuthenticationHandlerHolder.java:76)

        at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.extractCredentials(AbstractAuthenticationHandlerHolder.java:60)

        at org.apache.sling.auth.core.impl.SlingAuthenticator.getAuthenticationInfo(SlingAuthenticator.java:735)

        at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:483)

        at org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:460)

        at org.apache.sling.engine.impl.SlingHttpContext.handleSecurity(SlingHttpContext.java:131)

        at org.apache.felix.http.base.internal.whiteboard.PerBundleServletContextImpl.handleSecurity(PerBundleServletContextImpl.java:82)

        at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:58)

        at org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1002)

        at org.apache.sling.security.impl.ReferrerFilter.doFilter(ReferrerFilter.java:326)

        at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandler.java:136)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1008)

        at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:97)

        at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandler.java:136)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1008)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.invokePreprocessors(WhiteboardManager.java:1012)

        at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:91)

        at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)

        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:873)

        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:542)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)

        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1701)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)

        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)

        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)

        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1668)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)

        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)

        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)

        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220)

        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)

        at org.eclipse.jetty.server.Server.handle(Server.java:502)

        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)

        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)

        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)

        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)

        at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)

        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)

        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)

        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)

        at java.lang.Thread.run(Thread.java:748)

        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:856)

        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)

        at java.security.AccessController.doPrivileged(Native Method)

        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)

        at javax.security.auth.login.LoginContext.login(LoginContext.java:588)

        at org.apache.jackrabbit.oak.core.ContentRepositoryImpl.login(ContentRepositoryImpl.java:163) [org.apache.jackrabbit.oak-core:1.10.2]

        at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:282) [org.apache.jackrabbit.oak-jcr:1.10.2]

        ... 56 common frames omitted

30.10.2019 01:25:48.773 *INFO* [qtp748111386-420467] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: user_sync_failed detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=user_sync_failed

30.10.2019 01:25:48.773 *ERROR* [qtp748111386-420467] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed

30.10.2019 01:25:50.034 *INFO* [HealthCheck Synchronized Clocks] org.apache.sling.discovery.oak.SynchronizedClocksHealthCheck execute: no topology connectors connected to local instance.

30.10.2019 01:25:52.376 *INFO* [oak-lucene-40697] org.apache.jackrabbit.oak.plugins.blob.AbstractSharedCachingDataStore Added blob [16bf588f0eebc58006e8ce041e3d86a6ba836370da71d362f49c06b1a02c8e6d] to backend

30.10.2019 01:25:52.498 *INFO* [oak-lucene-40697] org.apache.jackrabbit.oak.plugins.blob.AbstractSharedCachingDataStore Added blob [6a88c8c8de9055edfc057588a932e7d23b73db08e4f048f396a313ecdf69a897] to backend
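
A triage sketch for a log like the one above, added here as an example; it is not part of the original post or of AEM. It pairs each `user_sync_failed` redirect with the innermost exception and the group change that the same thread logged just before it. The function names, the 5-second window and the abridged sample are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Abridged from the error.log excerpt posted in this thread (most stack frames trimmed).
SAMPLE_LOG = """\
30.10.2019 01:25:24.837 *INFO* [qtp748111386-420442] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: user_sync_failed detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=user_sync_failed
30.10.2019 01:25:26.775 *INFO* [10.20.42.43 [1572398726774] POST /bin/receive HTTP/1.1] com.day.cq.replication.impl.servlets.ReplicationServlet Processed replication action in 0ms: TEST of /content
30.10.2019 01:25:48.755 *INFO* [qtp748111386-420467] com.adobe.granite.security.user.internal.audit.AuditGroupAction User 'wun1' was added to the group 'UG-NA-AEM-Member-Role'
30.10.2019 01:25:48.773 *ERROR* [qtp748111386-420467] com.adobe.granite.auth.saml.extidp.DefaultUserSync User synchronization failed: Could not access repository.
javax.jcr.RepositoryException: Failed to generate login-token: Could not access Repository
        at com.day.crx.security.token.TokenUtil.createCredentials(TokenUtil.java:103) [com.day.crx.sling.crx-auth-token:2.5.42]
Caused by: javax.jcr.LoginException: java.lang.UnsupportedOperationException
        at java.util.AbstractCollection.add(AbstractCollection.java:262)
Caused by: javax.security.auth.login.LoginException: java.lang.UnsupportedOperationException
        at java.util.AbstractCollection.add(AbstractCollection.java:262)
        at org.apache.jackrabbit.oak.security.user.UserPrincipalProvider.getGroupMembership(UserPrincipalProvider.java:267)
30.10.2019 01:25:48.773 *INFO* [qtp748111386-420467] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: user_sync_failed detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=user_sync_failed
"""

# timestamp *LEVEL* [thread] dotted.logger.Name message  (the thread field may itself contain "]")
HEADER = re.compile(r"^(\d\d\.\d\d\.\d{4} \d\d:\d\d:\d\d\.\d{3}) \*(\w+)\* \[(.+?)\] ((?:[\w$]+\.)+[\w$]+) (.*)$")
USER_ADDED = re.compile(r"User '([^']+)' was added to the group '([^']+)'")
SAML_HANDLER = "com.adobe.granite.auth.saml.SamlAuthenticationHandler"
JDK_FRAMES = ("at java.", "at javax.", "at sun.")
WINDOW = timedelta(seconds=5)  # assumption: pooled qtp threads are reused, so only recent entries count

def parse_entries(text):
    """Split error.log text into entries; continuation lines (stack traces) join the entry above."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts, level, thread, logger, msg = m.groups()
            entries.append({"ts": datetime.strptime(ts, "%d.%m.%Y %H:%M:%S.%f"), "level": level,
                            "thread": thread, "logger": logger, "msg": msg, "trace": []})
        elif entries and line.strip():
            entries[-1]["trace"].append(line.strip())
    return entries

def root_cause(trace):
    """Return (innermost exception, first non-JDK frame beneath it) from a stack trace."""
    cause, frame = (trace[0] if trace else None), None
    for line in trace[1:]:
        if line.startswith("Caused by: "):
            cause, frame = line[len("Caused by: "):], None
        elif frame is None and line.startswith("at ") and not line.startswith(JDK_FRAMES):
            frame = line[3:].split(" [")[0]  # drop the trailing [bundle:version] tag
    return cause, frame

def triage(text):
    """Pair each user_sync_failed redirect with what the same thread logged just before it."""
    last_error, last_user, findings = {}, {}, []
    for e in parse_entries(text):
        thread, now = e["thread"], e["ts"]
        if e["level"] == "ERROR" and e["trace"]:
            last_error[thread] = e
        added = USER_ADDED.search(e["msg"])
        if added:
            last_user[thread] = {"ts": now, "user": added.group(1), "group": added.group(2)}
        if e["logger"] == SAML_HANDLER and "user_sync_failed" in e["msg"]:
            err = last_error.pop(thread, None)
            seen = last_user.pop(thread, None)
            err = err if err and now - err["ts"] <= WINDOW else None
            seen = seen if seen and now - seen["ts"] <= WINDOW else None
            cause, frame = root_cause(err["trace"]) if err else (None, None)
            findings.append({"time": now.isoformat(timespec="milliseconds"), "thread": thread,
                             "user": seen["user"] if seen else None,
                             "group": seen["group"] if seen else None, "cause": cause, "frame": frame})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the sample, the 01:25:24 failure has no cause because the excerpt starts after its stack trace, while the 01:25:48 failure is reported with the user and group from the `AuditGroupAction` entry and `UserPrincipalProvider.getGroupMembership` as the frame under the innermost exception.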

jbrar
Employee

Do you see anything in the SAML logs?

You can set up a Logger in order to debug any issues that might arise from misconfiguring SAML. You can do this by:

  • Search for and click on the entry called Apache Sling Logging Logger Configuration

  • Create a logger with the following configuration:
    • Log Level: Debug
    • Log File: logs/saml.log
    • Logger: com.adobe.granite.auth.saml

shelly-goel
Community Advisor

@saibul @jbrar I'm facing a similar issue: after signing in at the IdP (Azure AD), the response is not getting redirected to the AEM page, with the below error in the logs. How did you resolve this issue?

 

error logs:

24.11.2021 13:40:56.001 *INFO* [qtp457817355-613] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
24.11.2021 13:40:56.007 *WARN* [qtp457817355-613] org.apache.sling.auth.core.AuthUtil isRedirectValid: Redirect target must not be empty or null

 

saml logs

24.11.2021 13:40:56.007 *DEBUG* [qtp457817355-613] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.

shelly-goel
Community Advisor

Yes, I was able to solve it with the CORS and Referrer filter configurations below. You also need to enable SSL on the AEM instance.


Apache Sling Referrer Filter:

Enable referrer filter to allow B2C tenant URL

{
"allow.hosts":[
"https://login.microsoftonline.com:443"
]
}

CORS Policy:

Enable the CORS policy to allow Cross-Origin POST Request from B2C tenants.

{
"alloworigin":[
"https://login.microsoftonline.com"
]
}

 

luukowski
Level 1

@shelly-goel thanks for the update.  After you resolved your issue, are you still seeing the same messages in your log files?