Expand my Community achievements bar.

com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: user_sync_failed detected

Avatar

Level 4
Level 4
10/30/19 5:55:13 PM

Server: AEM-6.5.1 SP-6.5.1

OS: RHEL7

Oak: 1.10.2

We use SAML for authentication, this server is migrated from AEM 6.3 to 6.5 a month back.

The users were able to log in but recently a couple of users not able to log in and the "SamlAuthenticationHandler" error is captured in the error.log.

I have attached the log.

Views

7.8K

Replies

6
Sign in to like this content

Total Likes

Translate
Translate
6 Replies

Avatar

Level 4
Level 4
10/30/19 5:56:44 PM

Following is the log from error.log::

30.10.2019 01:25:24.837 *INFO* [qtp748111386-420442] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: user_sync_failed detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=user_sync_failed

30.10.2019 01:25:24.837 *ERROR* [qtp748111386-420442] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed

30.10.2019 01:25:26.775 *INFO* [10.20.42.43 [1572398726774] POST /bin/receive HTTP/1.1] com.day.cq.replication.impl.servlets.ReplicationServlet Processed replication action in 0ms: TEST of /content

30.10.2019 01:25:41.799 *INFO* [qtp748111386-420467] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials

30.10.2019 01:25:41.801 *WARN* [qtp748111386-420467] org.apache.sling.auth.core.AuthUtil isRedirectValid: Redirect target must not be empty or null

30.10.2019 01:25:42.217 *INFO* [sling-default-5-health-org.apache.sling.discovery.oak.SynchronizedClocksHealthCheck] org.apache.sling.discovery.oak.SynchronizedClocksHealthCheck execute: no topology connectors connected to local instance.

30.10.2019 01:25:48.755 *INFO* [qtp748111386-420467] com.adobe.granite.security.user.internal.audit.AuditGroupAction User 'wun1' was added to the group 'UG-NA-AEM-Member-Role'

30.10.2019 01:25:48.771 *INFO* [sling-oak-observation-9] com.adobe.cq.social.sync.impl.PublisherSyncServiceImpl Handing these paths to the distribution subsystem: [/home/users/M/MhG_r1SwB8knUp_Nqpgi]

30.10.2019 01:25:48.771 *INFO* [sling-oak-observation-9] com.adobe.cq.social.sync.impl.PublisherSyncServiceImpl Could not distribute the requested paths: [/home/users/M/MhG_r1SwB8knUp_Nqpgi] Error was: Agent is not available

30.10.2019 01:25:48.773 *ERROR* [qtp748111386-420467] com.adobe.granite.auth.saml.extidp.DefaultUserSync User synchronization failed: Could not access repository.

javax.jcr.RepositoryException: Failed to generate login-token: Could not access Repository

        at com.day.crx.security.token.TokenUtil.createCredentials(TokenUtil.java:103) [com.day.crx.sling.crx-auth-token:2.5.42]

        at com.adobe.granite.auth.saml.extidp.DefaultUserSync.process(DefaultUserSync.java:108) [com.adobe.granite.auth.saml:1.0.24.CQ650-B0004]

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.syncUser(SamlAuthenticationHandler. java:860) [com.adobe.granite.auth.saml:1.0.24.CQ650-B0004]

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.handleLogin(SamlAuthenticationHandl er.java:852) [com.adobe.granite.auth.saml:1.0.24.CQ650-B0004]

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.extractCredentials(SamlAuthenticati onHandler.java:499) [com.adobe.granite.auth.saml:1.0.24.CQ650-B0004]

        at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doExtractCredentials(Authenti cationHandlerHolder.java:76) [org.apache.sling.auth.core:1.4.2]

        at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.extractCredentials(Ab stractAuthenticationHandlerHolder.java:60) [org.apache.sling.auth.core:1.4.2]

        at org.apache.sling.auth.core.impl.SlingAuthenticator.getAuthenticationInfo(SlingAuthenticat or.java:735) [org.apache.sling.auth.core:1.4.2]

        at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.ja va:483) [org.apache.sling.auth.core:1.4.2]

  

        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection .java:220) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.server.Server.handle(Server.java:502) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:30 5) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExe cutor.java:366) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683) [org.apache.felix.http.jetty:4.0.8]

        at java.lang.Thread.run(Thread.java:748)

Caused by: javax.jcr.LoginException: java.lang.UnsupportedOperationException

        at java.util.AbstractCollection.add(AbstractCollection.java:262)

        at org.apache.jackrabbit.oak.security.user.UserPrincipalProvider.getGroupMembership(UserPrin cipalProvider.java:267)

        at org.apache.jackrabbit.oak.security.user.UserPrincipalProvider.getMembershipPrincipals(Use rPrincipalProvider.java:124)

        at org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule.getPrincipals(A bstractLoginModule.java:498)

        at org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl.commit(LoginModule Impl.java:166)

        at org.apache.felix.jaas.boot.ProxyLoginModule.commit(ProxyLoginModule.java:57)

        at sun.reflect.GeneratedMethodAccessor3067.invoke(Unknown Source)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:498)

        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)

        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)

        at java.security.AccessController.doPrivileged(Native Method)

        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)

        at javax.security.auth.login.LoginContext.login(LoginContext.java:588)

        at org.apache.jackrabbit.oak.core.ContentRepositoryImpl.login(ContentRepositoryImpl.java:163 )

        at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:282)

        at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:225)

        at org.apache.jackrabbit.oak.jcr.session.SessionImpl.impersonate(SessionImpl.java:275)

        at com.adobe.granite.repository.impl.CRX3SessionImpl.impersonate(CRX3SessionImpl.java:149)

        at com.day.crx.security.token.TokenUtil.createCredentials(TokenUtil.java:90)

        at com.adobe.granite.auth.saml.extidp.DefaultUserSync.process(DefaultUserSync.java:108)

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.syncUser(SamlAuthenticationHandler. java:860)

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.handleLogin(SamlAuthenticationHandl er.java:852)

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.extractCredentials(SamlAuthenticati onHandler.java:499)

        at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doExtractCredentials(Authenti cationHandlerHolder.java:76)

        at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.extractCredentials(Ab stractAuthenticationHandlerHolder.java:60)

        at org.apache.sling.auth.core.impl.SlingAuthenticator.getAuthenticationInfo(SlingAuthenticat or.java:735)

        at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.ja va:483)

        at org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java :460)

        at org.apache.sling.engine.impl.SlingHttpContext.handleSecurity(SlingHttpContext.java:131)

        at org.apache.felix.http.base.internal.whiteboard.PerBundleServletContextImpl.handleSecurity (PerBundleServletContextImpl.java:82)

        at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.jav a:58)

        at org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardMan ager.java:1002)

        at org.apache.sling.security.impl.ReferrerFilter.doFilter(ReferrerFilter.java:326)

        at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandle r.java:136)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardMan ager.java:1008)

        at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:97)

        at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandle r.java:136)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardMan ager.java:1008)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.invokePreprocessors(Whit eboardManager.java:1012)

        at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:91)

        at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet. java:49)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)

        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:873)

        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:542)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)

        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1701)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)

        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)

        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)

        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1668)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)

        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)

        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)

        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection .java:220)

        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)

        at org.eclipse.jetty.server.Server.handle(Server.java:502)

        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)

        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)

        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:30 5)

        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)

        at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)

        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExe cutor.java:366)

        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)

        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)

        at java.lang.Thread.run(Thread.java:748)

        at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:290) [org.apache.jackrabbit.oak-jcr:1.10.2]

        at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:225) [org.apache.jackrabbit.oak-jcr:1.10.2]

        at org.apache.jackrabbit.oak.jcr.session.SessionImpl.impersonate(SessionImpl.java:275) [org.apache.jackrabbit.oak-jcr:1.10.2]

        at com.adobe.granite.repository.impl.CRX3SessionImpl.impersonate(CRX3SessionImpl.java:149) [com.adobe.granite.repository:1.6.28]

        at com.day.crx.security.token.TokenUtil.createCredentials(TokenUtil.java:90) [com.day.crx.sling.crx-auth-token:2.5.42]

        ... 52 common frames omitted

Caused by: javax.security.auth.login.LoginException: java.lang.UnsupportedOperationException

        at java.util.AbstractCollection.add(AbstractCollection.java:262)

        at org.apache.jackrabbit.oak.security.user.UserPrincipalProvider.getGroupMembership(UserPrin cipalProvider.java:267)

        at org.apache.jackrabbit.oak.security.user.UserPrincipalProvider.getMembershipPrincipals(Use rPrincipalProvider.java:124)

        at org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule.getPrincipals(A bstractLoginModule.java:498)

        at org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl.commit(LoginModule Impl.java:166)

        at org.apache.felix.jaas.boot.ProxyLoginModule.commit(ProxyLoginModule.java:57)

        at sun.reflect.GeneratedMethodAccessor3067.invoke(Unknown Source)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:498)

        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)

        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)

        at java.security.AccessController.doPrivileged(Native Method)

        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)

        at javax.security.auth.login.LoginContext.login(LoginContext.java:588)

        at org.apache.jackrabbit.oak.core.ContentRepositoryImpl.login(ContentRepositoryImpl.java:163 )

        at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:282)

        at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:225)

        at org.apache.jackrabbit.oak.jcr.session.SessionImpl.impersonate(SessionImpl.java:275)

        at com.adobe.granite.repository.impl.CRX3SessionImpl.impersonate(CRX3SessionImpl.java:149)

        at com.day.crx.security.token.TokenUtil.createCredentials(TokenUtil.java:90)

        at com.adobe.granite.auth.saml.extidp.DefaultUserSync.process(DefaultUserSync.java:108)

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.syncUser(SamlAuthenticationHandler. java:860)

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.handleLogin(SamlAuthenticationHandl er.java:852)

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.extractCredentials(SamlAuthenticati onHandler.java:499)

        at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doExtractCredentials(Authenti cationHandlerHolder.java:76)

        at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.extractCredentials(Ab stractAuthenticationHandlerHolder.java:60)

        at org.apache.sling.auth.core.impl.SlingAuthenticator.getAuthenticationInfo(SlingAuthenticat or.java:735)

        at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.ja va:483)

        at org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java :460)

        at org.apache.sling.engine.impl.SlingHttpContext.handleSecurity(SlingHttpContext.java:131)

        at org.apache.felix.http.base.internal.whiteboard.PerBundleServletContextImpl.handleSecurity (PerBundleServletContextImpl.java:82)

        at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.jav a:58)

        at org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardMan ager.java:1002)

        at org.apache.sling.security.impl.ReferrerFilter.doFilter(ReferrerFilter.java:326)

        at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandle r.java:136)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardMan ager.java:1008)

        at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:97)

        at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandle r.java:136)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardMan ager.java:1008)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.invokePreprocessors(Whit eboardManager.java:1012)

        at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:91)

        at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet. java:49)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)

        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:873)

        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:542)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)

        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1701)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)

        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)

        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)

        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1668)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)

        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)

        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)

        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection .java:220)

        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)

        at org.eclipse.jetty.server.Server.handle(Server.java:502)

        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)

        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)

        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:30 5)

        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)

        at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)

        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExe cutor.java:366)

        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)

        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)

        at java.lang.Thread.run(Thread.java:748)

        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:856)

        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)

        at java.security.AccessController.doPrivileged(Native Method)

        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)

        at javax.security.auth.login.LoginContext.login(LoginContext.java:588)

        at org.apache.jackrabbit.oak.core.ContentRepositoryImpl.login(ContentRepositoryImpl.java:163 ) [org.apache.jackrabbit.oak-core:1.10.2]

        at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:282) [org.apache.jackrabbit.oak-jcr:1.10.2]

        ... 56 common frames omitted

30.10.2019 01:25:48.773 *INFO* [qtp748111386-420467] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: user_sync_failed detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=user_sync_failed

30.10.2019 01:25:48.773 *ERROR* [qtp748111386-420467] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed

30.10.2019 01:25:50.034 *INFO* [HealthCheck Synchronized Clocks] org.apache.sling.discovery.oak.SynchronizedClocksHealthCheck execute: no topology connectors connected to local instance.

30.10.2019 01:25:52.376 *INFO* [oak-lucene-40697] org.apache.jackrabbit.oak.plugins.blob.AbstractSharedCachingDataStore Added blob [16bf588f0eebc58006e8ce041e3d86a6ba836370da71d362f49c06b1a02c8e6d] to backend

30.10.2019 01:25:52.498 *INFO* [oak-lucene-40697] org.apache.jackrabbit.oak.plugins.blob.AbstractSharedCachingDataStore Added blob [6a88c8c8de9055edfc057588a932e7d23b73db08e4f048f396a313ecdf69a897] to backend

Views

7.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee Advisor
Employee Advisor
11/1/19 7:21:45 AM

Do you see anything in the SAML logs?

You can set up a Logger in order to debug any issues that might arise from misconfiguring SAML. You can do this by:

  • Search for and click on the entry called Apache Sling Logging Logger Configuration

  • Create a logger with the following configuration:
    • Log Level: Debug
    • Log File: logs/saml.log
    • Logger: com.adobe.granite.auth.saml

Views

7.5K

Replies

4
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee Advisor
Employee Advisor
11/24/21 12:33:18 AM
In response to Jaideep_Brar

@saibul @Jaideep_Brar  I'm facing the similar issue that after signing in IDP (Azure AD), response is not getting redirected to AEM page with below error in logs. How did you resolve this issue?

 

error logs:

24.11.2021 13:40:56.001 *INFO* [qtp457817355-613] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
24.11.2021 13:40:56.007 *WARN* [qtp457817355-613] org.apache.sling.auth.core.AuthUtil isRedirectValid: Redirect target must not be empty or null

 

saml logs

24.11.2021 13:40:56.007 *DEBUG* [qtp457817355-613] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.

Views

4.4K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee Advisor
Employee Advisor
1/15/22 12:22:29 AM
In response to jarvis_cl_lukow

Yes I was able to solve it with CORS and Referrer filter configurations as below. You also need to enable ssl on aem instance.


Apache Sling Referrer Filter:

Enable referrer filter to allow B2C tenant URL

{
"allow.hosts":[
"https://login.microsoftonline.com:443"
]
}

CORS Policy:

Enable the CORS policy to allow Cross-Origin POST Request from B2C tenants.

{
"alloworigin":[
"https://login.microsoftonline.com"
]
}

 

Views

4.3K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
1/17/22 7:21:23 AM
In response to shelly-goel

@shelly-goel thanks for the update.  After you resolved your issue, are you still seeing the same messages in your log files?

Views

4.3K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Adobe Developers Live, November 2024, Session | Roll your own HTML with Web Components

Views

114

Likes

0

Replies

0
Adobe Developers Live, November 2024, On-Demand Session | Accelerate back-office integrations with Adobe Commerce with the Integration Starter Kit

Views

146

Likes

0

Replies

0
Adobe Developers Live, November 2024, On-Demand Session | Content Supply Chain Workflows with power of Asset Selector

Views

107

Likes

0

Replies

0
Adobe Developers Live, November 2024, On-Demand Session | Energizing Adobe Commerce with AEM Assets and Gen AI

Views

119

Likes

0

Replies

0
Adobe Developers Live, November 2024, Session | Developing exceptional commerce Storefront experiences with Edge Delivery Services & Adobe Commerce

Views

192

Likes

0

Replies

0