Server: AEM-6.5.1 SP-6.5.1
OS: RHEL7
Oak: 1.10.2
We use SAML for authentication. This server was migrated from AEM 6.3 to 6.5 a month back.
The users were able to log in, but recently a couple of users are not able to log in, and the "SamlAuthenticationHandler" error is captured in the error.log.
I have attached the log.
Following is the log from error.log:
30.10.2019 01:25:24.837 *INFO* [qtp748111386-420442] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: user_sync_failed detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=user_sync_failed
30.10.2019 01:25:24.837 *ERROR* [qtp748111386-420442] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed
30.10.2019 01:25:26.775 *INFO* [10.20.42.43 [1572398726774] POST /bin/receive HTTP/1.1] com.day.cq.replication.impl.servlets.ReplicationServlet Processed replication action in 0ms: TEST of /content
30.10.2019 01:25:41.799 *INFO* [qtp748111386-420467] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
30.10.2019 01:25:41.801 *WARN* [qtp748111386-420467] org.apache.sling.auth.core.AuthUtil isRedirectValid: Redirect target must not be empty or null
30.10.2019 01:25:42.217 *INFO* [sling-default-5-health-org.apache.sling.discovery.oak.SynchronizedClocksHealthCheck] org.apache.sling.discovery.oak.SynchronizedClocksHealthCheck execute: no topology connectors connected to local instance.
30.10.2019 01:25:48.755 *INFO* [qtp748111386-420467] com.adobe.granite.security.user.internal.audit.AuditGroupAction User 'wun1' was added to the group 'UG-NA-AEM-Member-Role'
30.10.2019 01:25:48.771 *INFO* [sling-oak-observation-9] com.adobe.cq.social.sync.impl.PublisherSyncServiceImpl Handing these paths to the distribution subsystem: [/home/users/M/MhG_r1SwB8knUp_Nqpgi]
30.10.2019 01:25:48.771 *INFO* [sling-oak-observation-9] com.adobe.cq.social.sync.impl.PublisherSyncServiceImpl Could not distribute the requested paths: [/home/users/M/MhG_r1SwB8knUp_Nqpgi] Error was: Agent is not available
30.10.2019 01:25:48.773 *ERROR* [qtp748111386-420467] com.adobe.granite.auth.saml.extidp.DefaultUserSync User synchronization failed: Could not access repository.
javax.jcr.RepositoryException: Failed to generate login-token: Could not access Repository
at com.day.crx.security.token.TokenUtil.createCredentials(TokenUtil.java:103) [com.day.crx.sling.crx-auth-token:2.5.42]
at com.adobe.granite.auth.saml.extidp.DefaultUserSync.process(DefaultUserSync.java:108) [com.adobe.granite.auth.saml:1.0.24.CQ650-B0004]
at com.adobe.granite.auth.saml.SamlAuthenticationHandler.syncUser(SamlAuthenticationHandler.java:860) [com.adobe.granite.auth.saml:1.0.24.CQ650-B0004]
at com.adobe.granite.auth.saml.SamlAuthenticationHandler.handleLogin(SamlAuthenticationHandler.java:852) [com.adobe.granite.auth.saml:1.0.24.CQ650-B0004]
at com.adobe.granite.auth.saml.SamlAuthenticationHandler.extractCredentials(SamlAuthenticationHandler.java:499) [com.adobe.granite.auth.saml:1.0.24.CQ650-B0004]
at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doExtractCredentials(AuthenticationHandlerHolder.java:76) [org.apache.sling.auth.core:1.4.2]
at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.extractCredentials(AbstractAuthenticationHandlerHolder.java:60) [org.apache.sling.auth.core:1.4.2]
at org.apache.sling.auth.core.impl.SlingAuthenticator.getAuthenticationInfo(SlingAuthenticator.java:735) [org.apache.sling.auth.core:1.4.2]
at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:483) [org.apache.sling.auth.core:1.4.2]
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220) [org.apache.felix.http.jetty:4.0.8]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [org.apache.felix.http.jetty:4.0.8]
at org.eclipse.jetty.server.Server.handle(Server.java:502) [org.apache.felix.http.jetty:4.0.8]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370) [org.apache.felix.http.jetty:4.0.8]
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267) [org.apache.felix.http.jetty:4.0.8]
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) [org.apache.felix.http.jetty:4.0.8]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [org.apache.felix.http.jetty:4.0.8]
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) [org.apache.felix.http.jetty:4.0.8]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) [org.apache.felix.http.jetty:4.0.8]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) [org.apache.felix.http.jetty:4.0.8]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) [org.apache.felix.http.jetty:4.0.8]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) [org.apache.felix.http.jetty:4.0.8]
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [org.apache.felix.http.jetty:4.0.8]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765) [org.apache.felix.http.jetty:4.0.8]
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683) [org.apache.felix.http.jetty:4.0.8]
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.jcr.LoginException: java.lang.UnsupportedOperationException
at java.util.AbstractCollection.add(AbstractCollection.java:262)
at org.apache.jackrabbit.oak.security.user.UserPrincipalProvider.getGroupMembership(UserPrincipalProvider.java:267)
at org.apache.jackrabbit.oak.security.user.UserPrincipalProvider.getMembershipPrincipals(UserPrincipalProvider.java:124)
at org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule.getPrincipals(AbstractLoginModule.java:498)
at org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl.commit(LoginModuleImpl.java:166)
at org.apache.felix.jaas.boot.ProxyLoginModule.commit(ProxyLoginModule.java:57)
at sun.reflect.GeneratedMethodAccessor3067.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:588)
at org.apache.jackrabbit.oak.core.ContentRepositoryImpl.login(ContentRepositoryImpl.java:163)
at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:282)
at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:225)
at org.apache.jackrabbit.oak.jcr.session.SessionImpl.impersonate(SessionImpl.java:275)
at com.adobe.granite.repository.impl.CRX3SessionImpl.impersonate(CRX3SessionImpl.java:149)
at com.day.crx.security.token.TokenUtil.createCredentials(TokenUtil.java:90)
at com.adobe.granite.auth.saml.extidp.DefaultUserSync.process(DefaultUserSync.java:108)
at com.adobe.granite.auth.saml.SamlAuthenticationHandler.syncUser(SamlAuthenticationHandler.java:860)
at com.adobe.granite.auth.saml.SamlAuthenticationHandler.handleLogin(SamlAuthenticationHandler.java:852)
at com.adobe.granite.auth.saml.SamlAuthenticationHandler.extractCredentials(SamlAuthenticationHandler.java:499)
at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doExtractCredentials(AuthenticationHandlerHolder.java:76)
at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.extractCredentials(AbstractAuthenticationHandlerHolder.java:60)
at org.apache.sling.auth.core.impl.SlingAuthenticator.getAuthenticationInfo(SlingAuthenticator.java:735)
at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:483)
at org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:460)
at org.apache.sling.engine.impl.SlingHttpContext.handleSecurity(SlingHttpContext.java:131)
at org.apache.felix.http.base.internal.whiteboard.PerBundleServletContextImpl.handleSecurity(PerBundleServletContextImpl.java:82)
at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:58)
at org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146)
at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1002)
at org.apache.sling.security.impl.ReferrerFilter.doFilter(ReferrerFilter.java:326)
at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandler.java:136)
at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1008)
at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:97)
at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandler.java:136)
at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1008)
at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.invokePreprocessors(WhiteboardManager.java:1012)
at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:91)
at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:873)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:542)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1701)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1668)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.Server.handle(Server.java:502)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
at java.lang.Thread.run(Thread.java:748)
at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:290) [org.apache.jackrabbit.oak-jcr:1.10.2]
at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:225) [org.apache.jackrabbit.oak-jcr:1.10.2]
at org.apache.jackrabbit.oak.jcr.session.SessionImpl.impersonate(SessionImpl.java:275) [org.apache.jackrabbit.oak-jcr:1.10.2]
at com.adobe.granite.repository.impl.CRX3SessionImpl.impersonate(CRX3SessionImpl.java:149) [com.adobe.granite.repository:1.6.28]
at com.day.crx.security.token.TokenUtil.createCredentials(TokenUtil.java:90) [com.day.crx.sling.crx-auth-token:2.5.42]
... 52 common frames omitted
Caused by: javax.security.auth.login.LoginException: java.lang.UnsupportedOperationException
at java.util.AbstractCollection.add(AbstractCollection.java:262)
at org.apache.jackrabbit.oak.security.user.UserPrincipalProvider.getGroupMembership(UserPrincipalProvider.java:267)
at org.apache.jackrabbit.oak.security.user.UserPrincipalProvider.getMembershipPrincipals(UserPrincipalProvider.java:124)
at org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule.getPrincipals(AbstractLoginModule.java:498)
at org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl.commit(LoginModuleImpl.java:166)
at org.apache.felix.jaas.boot.ProxyLoginModule.commit(ProxyLoginModule.java:57)
at sun.reflect.GeneratedMethodAccessor3067.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:588)
at org.apache.jackrabbit.oak.core.ContentRepositoryImpl.login(ContentRepositoryImpl.java:163)
at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:282)
at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:225)
at org.apache.jackrabbit.oak.jcr.session.SessionImpl.impersonate(SessionImpl.java:275)
at com.adobe.granite.repository.impl.CRX3SessionImpl.impersonate(CRX3SessionImpl.java:149)
at com.day.crx.security.token.TokenUtil.createCredentials(TokenUtil.java:90)
at com.adobe.granite.auth.saml.extidp.DefaultUserSync.process(DefaultUserSync.java:108)
at com.adobe.granite.auth.saml.SamlAuthenticationHandler.syncUser(SamlAuthenticationHandler.java:860)
at com.adobe.granite.auth.saml.SamlAuthenticationHandler.handleLogin(SamlAuthenticationHandler.java:852)
at com.adobe.granite.auth.saml.SamlAuthenticationHandler.extractCredentials(SamlAuthenticationHandler.java:499)
at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doExtractCredentials(AuthenticationHandlerHolder.java:76)
at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.extractCredentials(AbstractAuthenticationHandlerHolder.java:60)
at org.apache.sling.auth.core.impl.SlingAuthenticator.getAuthenticationInfo(SlingAuthenticator.java:735)
at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:483)
at org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:460)
at org.apache.sling.engine.impl.SlingHttpContext.handleSecurity(SlingHttpContext.java:131)
at org.apache.felix.http.base.internal.whiteboard.PerBundleServletContextImpl.handleSecurity(PerBundleServletContextImpl.java:82)
at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:58)
at org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146)
at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1002)
at org.apache.sling.security.impl.ReferrerFilter.doFilter(ReferrerFilter.java:326)
at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandler.java:136)
at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1008)
at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:97)
at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandler.java:136)
at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1008)
at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.invokePreprocessors(WhiteboardManager.java:1012)
at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:91)
at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:873)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:542)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1701)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1668)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.Server.handle(Server.java:502)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
at java.lang.Thread.run(Thread.java:748)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:856)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:588)
at org.apache.jackrabbit.oak.core.ContentRepositoryImpl.login(ContentRepositoryImpl.java:163) [org.apache.jackrabbit.oak-core:1.10.2]
at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:282) [org.apache.jackrabbit.oak-jcr:1.10.2]
... 56 common frames omitted
30.10.2019 01:25:48.773 *INFO* [qtp748111386-420467] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: user_sync_failed detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=user_sync_failed
30.10.2019 01:25:48.773 *ERROR* [qtp748111386-420467] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed
30.10.2019 01:25:50.034 *INFO* [HealthCheck Synchronized Clocks] org.apache.sling.discovery.oak.SynchronizedClocksHealthCheck execute: no topology connectors connected to local instance.
30.10.2019 01:25:52.376 *INFO* [oak-lucene-40697] org.apache.jackrabbit.oak.plugins.blob.AbstractSharedCachingDataStore Added blob [16bf588f0eebc58006e8ce041e3d86a6ba836370da71d362f49c06b1a02c8e6d] to backend
30.10.2019 01:25:52.498 *INFO* [oak-lucene-40697] org.apache.jackrabbit.oak.plugins.blob.AbstractSharedCachingDataStore Added blob [6a88c8c8de9055edfc057588a932e7d23b73db08e4f048f396a313ecdf69a897] to backend
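An added example (not part of the original post and not Adobe's code): a Python script that pairs each user_sync_failed entry in an AEM error.log with the stack trace logged on the same request thread, then reports the innermost "Caused by" and the first non-JDK frame beneath it. The function names, the 5-second window and the abridged SAMPLE text are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

# AEM error.log entry header: timestamp, *LEVEL*, [thread], logger, message.
ENTRY = re.compile(r"^(\d\d\.\d\d\.\d{4} \d\d:\d\d:\d\d\.\d{3}) \*(\w+)\* "
                   r"\[(.+?)\] ((?:\w+\.)+[\w$]+) (.*)$")
SAML_HANDLER = "com.adobe.granite.auth.saml.SamlAuthenticationHandler"
REASON = re.compile(r"SAML error with reason: (\w+)")
JDK = ("java.", "javax.", "sun.")

def parse_entries(text):
    """Split the log into entries; stack-trace lines attach to the entry above them."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S.%f")
            entries.append({"ts": ts, "level": m.group(2), "thread": m.group(3),
                            "logger": m.group(4), "msg": m.group(5), "trace": []})
        elif entries and line.strip():
            entries[-1]["trace"].append(line.strip())
    return entries

def root_cause(trace):
    """Return the last 'Caused by' exception and the first non-JDK frame below it."""
    cause = frame = None
    for i, line in enumerate(trace):
        if line.startswith("Caused by: "):
            cause = line[len("Caused by: "):]
            frame = next((f[3:] for f in trace[i + 1:]
                          if f.startswith("at ") and not f[3:].startswith(JDK)), None)
    return cause, frame

def triage(text, window=timedelta(seconds=5)):
    """Pair each SAML failure with the latest same-thread ERROR trace inside `window`."""
    entries, findings = parse_entries(text), []
    for i, e in enumerate(entries):
        m = REASON.search(e["msg"]) if e["logger"] == SAML_HANDLER else None
        if not m:
            continue
        cause = frame = None
        for prev in reversed(entries[:i]):
            if e["ts"] - prev["ts"] > window:
                break  # entries are chronological; nothing older can qualify
            if prev["thread"] == e["thread"] and prev["level"] == "ERROR" and prev["trace"]:
                cause, frame = root_cause(prev["trace"])
                break
        findings.append({"time": e["ts"].strftime("%H:%M:%S"), "thread": e["thread"],
                         "reason": m.group(1), "cause": cause, "frame": frame})
    return findings

# Constructed sample: entries abridged from the error.log in the post above.
SAMPLE = """\
30.10.2019 01:25:24.837 *INFO* [qtp748111386-420442] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: user_sync_failed detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=user_sync_failed
30.10.2019 01:25:26.775 *INFO* [10.20.42.43 [1572398726774] POST /bin/receive HTTP/1.1] com.day.cq.replication.impl.servlets.ReplicationServlet Processed replication action in 0ms: TEST of /content
30.10.2019 01:25:48.773 *ERROR* [qtp748111386-420467] com.adobe.granite.auth.saml.extidp.DefaultUserSync User synchronization failed: Could not access repository.
javax.jcr.RepositoryException: Failed to generate login-token: Could not access Repository
at com.day.crx.security.token.TokenUtil.createCredentials(TokenUtil.java:103)
Caused by: javax.jcr.LoginException: java.lang.UnsupportedOperationException
at java.util.AbstractCollection.add(AbstractCollection.java:262)
at org.apache.jackrabbit.oak.security.user.UserPrincipalProvider.getGroupMembership(UserPrincipalProvider.java:267)
30.10.2019 01:25:48.773 *INFO* [qtp748111386-420467] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: user_sync_failed detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=user_sync_failed
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["time"], f["thread"], f["reason"], "<-", f["cause"], "|", f["frame"])
```

A failure reported with no cause means no ERROR trace was logged on that thread inside the window, as with the 01:25:24.837 entry in this excerpt.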
Do you see anything in the SAML logs?
You can set up a Logger in order to debug any issues that might arise from misconfiguring SAML. You can do this by:
@saibul @Jaideep_Brar I'm facing a similar issue: after signing in to the IDP (Azure AD), the response is not getting redirected to the AEM page, with the error below in the logs. How did you resolve this issue?
error logs:
24.11.2021 13:40:56.001 *INFO* [qtp457817355-613] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
24.11.2021 13:40:56.007 *WARN* [qtp457817355-613] org.apache.sling.auth.core.AuthUtil isRedirectValid: Redirect target must not be empty or null
SAML logs:
24.11.2021 13:40:56.007 *DEBUG* [qtp457817355-613] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.
Hi @shelly-goel, any luck with this? I am facing the same issue.
Thanks
Yes, I was able to solve it with the CORS and Referrer Filter configurations below. You also need to enable SSL on the AEM instance.
Apache Sling Referrer Filter:
Enable referrer filter to allow B2C tenant URL
{
  "allow.hosts": [
    "https://login.microsoftonline.com:443"
  ]
}
CORS Policy:
Enable the CORS policy to allow Cross-Origin POST Request from B2C tenants.
{
  "alloworigin": [
    "https://login.microsoftonline.com"
  ]
}
@shelly-goel thanks for the update. After you resolved your issue, are you still seeing the same messages in your log files?