com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: user_sync_failed detected | Community
Skip to main content
saibul
saibul
Level 4
October 31, 2019

com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: user_sync_failed detected

  • October 31, 2019
  • 2 replies
  • 8958 views

Server: AEM-6.5.1 SP-6.5.1

OS: RHEL7

Oak: 1.10.2

We use SAML for authentication, this server is migrated from AEM 6.3 to 6.5 a month back.

The users were able to log in but recently a couple of users not able to log in and the "SamlAuthenticationHandler" error is captured in the error.log.

I have attached the log.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

2 replies

saibul
saibulAuthor
Level 4
October 31, 2019

Following is the log from error.log::

30.10.2019 01:25:24.837 *INFO* [qtp748111386-420442] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: user_sync_failed detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=user_sync_failed

30.10.2019 01:25:24.837 *ERROR* [qtp748111386-420442] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed

30.10.2019 01:25:26.775 *INFO* [10.20.42.43 [1572398726774] POST /bin/receive HTTP/1.1] com.day.cq.replication.impl.servlets.ReplicationServlet Processed replication action in 0ms: TEST of /content

30.10.2019 01:25:41.799 *INFO* [qtp748111386-420467] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials

30.10.2019 01:25:41.801 *WARN* [qtp748111386-420467] org.apache.sling.auth.core.AuthUtil isRedirectValid: Redirect target must not be empty or null

30.10.2019 01:25:42.217 *INFO* [sling-default-5-health-org.apache.sling.discovery.oak.SynchronizedClocksHealthCheck] org.apache.sling.discovery.oak.SynchronizedClocksHealthCheck execute: no topology connectors connected to local instance.

30.10.2019 01:25:48.755 *INFO* [qtp748111386-420467] com.adobe.granite.security.user.internal.audit.AuditGroupAction User 'wun1' was added to the group 'UG-NA-AEM-Member-Role'

30.10.2019 01:25:48.771 *INFO* [sling-oak-observation-9] com.adobe.cq.social.sync.impl.PublisherSyncServiceImpl Handing these paths to the distribution subsystem: [/home/users/M/MhG_r1SwB8knUp_Nqpgi]

30.10.2019 01:25:48.771 *INFO* [sling-oak-observation-9] com.adobe.cq.social.sync.impl.PublisherSyncServiceImpl Could not distribute the requested paths: [/home/users/M/MhG_r1SwB8knUp_Nqpgi] Error was: Agent is not available

30.10.2019 01:25:48.773 *ERROR* [qtp748111386-420467] com.adobe.granite.auth.saml.extidp.DefaultUserSync User synchronization failed: Could not access repository.

javax.jcr.RepositoryException: Failed to generate login-token: Could not access Repository

        at com.day.crx.security.token.TokenUtil.createCredentials(TokenUtil.java:103) [com.day.crx.sling.crx-auth-token:2.5.42]

        at com.adobe.granite.auth.saml.extidp.DefaultUserSync.process(DefaultUserSync.java:108) [com.adobe.granite.auth.saml:1.0.24.CQ650-B0004]

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.syncUser(SamlAuthenticationHandler. java:860) [com.adobe.granite.auth.saml:1.0.24.CQ650-B0004]

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.handleLogin(SamlAuthenticationHandl er.java:852) [com.adobe.granite.auth.saml:1.0.24.CQ650-B0004]

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.extractCredentials(SamlAuthenticati onHandler.java:499) [com.adobe.granite.auth.saml:1.0.24.CQ650-B0004]

        at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doExtractCredentials(Authenti cationHandlerHolder.java:76) [org.apache.sling.auth.core:1.4.2]

        at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.extractCredentials(Ab stractAuthenticationHandlerHolder.java:60) [org.apache.sling.auth.core:1.4.2]

        at org.apache.sling.auth.core.impl.SlingAuthenticator.getAuthenticationInfo(SlingAuthenticat or.java:735) [org.apache.sling.auth.core:1.4.2]

        at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.ja va:483) [org.apache.sling.auth.core:1.4.2]

  

        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection .java:220) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.server.Server.handle(Server.java:502) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:30 5) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExe cutor.java:366) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765) [org.apache.felix.http.jetty:4.0.8]

        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683) [org.apache.felix.http.jetty:4.0.8]

        at java.lang.Thread.run(Thread.java:748)

Caused by: javax.jcr.LoginException: java.lang.UnsupportedOperationException

        at java.util.AbstractCollection.add(AbstractCollection.java:262)

        at org.apache.jackrabbit.oak.security.user.UserPrincipalProvider.getGroupMembership(UserPrin cipalProvider.java:267)

        at org.apache.jackrabbit.oak.security.user.UserPrincipalProvider.getMembershipPrincipals(Use rPrincipalProvider.java:124)

        at org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule.getPrincipals(A bstractLoginModule.java:498)

        at org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl.commit(LoginModule Impl.java:166)

        at org.apache.felix.jaas.boot.ProxyLoginModule.commit(ProxyLoginModule.java:57)

        at sun.reflect.GeneratedMethodAccessor3067.invoke(Unknown Source)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:498)

        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)

        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)

        at java.security.AccessController.doPrivileged(Native Method)

        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)

        at javax.security.auth.login.LoginContext.login(LoginContext.java:588)

        at org.apache.jackrabbit.oak.core.ContentRepositoryImpl.login(ContentRepositoryImpl.java:163 )

        at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:282)

        at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:225)

        at org.apache.jackrabbit.oak.jcr.session.SessionImpl.impersonate(SessionImpl.java:275)

        at com.adobe.granite.repository.impl.CRX3SessionImpl.impersonate(CRX3SessionImpl.java:149)

        at com.day.crx.security.token.TokenUtil.createCredentials(TokenUtil.java:90)

        at com.adobe.granite.auth.saml.extidp.DefaultUserSync.process(DefaultUserSync.java:108)

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.syncUser(SamlAuthenticationHandler. java:860)

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.handleLogin(SamlAuthenticationHandl er.java:852)

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.extractCredentials(SamlAuthenticati onHandler.java:499)

        at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doExtractCredentials(Authenti cationHandlerHolder.java:76)

        at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.extractCredentials(Ab stractAuthenticationHandlerHolder.java:60)

        at org.apache.sling.auth.core.impl.SlingAuthenticator.getAuthenticationInfo(SlingAuthenticat or.java:735)

        at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.ja va:483)

        at org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java :460)

        at org.apache.sling.engine.impl.SlingHttpContext.handleSecurity(SlingHttpContext.java:131)

        at org.apache.felix.http.base.internal.whiteboard.PerBundleServletContextImpl.handleSecurity (PerBundleServletContextImpl.java:82)

        at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.jav a:58)

        at org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardMan ager.java:1002)

        at org.apache.sling.security.impl.ReferrerFilter.doFilter(ReferrerFilter.java:326)

        at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandle r.java:136)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardMan ager.java:1008)

        at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:97)

        at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandle r.java:136)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardMan ager.java:1008)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.invokePreprocessors(Whit eboardManager.java:1012)

        at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:91)

        at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet. java:49)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)

        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:873)

        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:542)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)

        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1701)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)

        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)

        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)

        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1668)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)

        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)

        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)

        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection .java:220)

        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)

        at org.eclipse.jetty.server.Server.handle(Server.java:502)

        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)

        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)

        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:30 5)

        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)

        at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)

        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExe cutor.java:366)

        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)

        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)

        at java.lang.Thread.run(Thread.java:748)

        at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:290) [org.apache.jackrabbit.oak-jcr:1.10.2]

        at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:225) [org.apache.jackrabbit.oak-jcr:1.10.2]

        at org.apache.jackrabbit.oak.jcr.session.SessionImpl.impersonate(SessionImpl.java:275) [org.apache.jackrabbit.oak-jcr:1.10.2]

        at com.adobe.granite.repository.impl.CRX3SessionImpl.impersonate(CRX3SessionImpl.java:149) [com.adobe.granite.repository:1.6.28]

        at com.day.crx.security.token.TokenUtil.createCredentials(TokenUtil.java:90) [com.day.crx.sling.crx-auth-token:2.5.42]

        ... 52 common frames omitted

Caused by: javax.security.auth.login.LoginException: java.lang.UnsupportedOperationException

        at java.util.AbstractCollection.add(AbstractCollection.java:262)

        at org.apache.jackrabbit.oak.security.user.UserPrincipalProvider.getGroupMembership(UserPrin cipalProvider.java:267)

        at org.apache.jackrabbit.oak.security.user.UserPrincipalProvider.getMembershipPrincipals(Use rPrincipalProvider.java:124)

        at org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule.getPrincipals(A bstractLoginModule.java:498)

        at org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl.commit(LoginModule Impl.java:166)

        at org.apache.felix.jaas.boot.ProxyLoginModule.commit(ProxyLoginModule.java:57)

        at sun.reflect.GeneratedMethodAccessor3067.invoke(Unknown Source)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:498)

        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)

        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)

        at java.security.AccessController.doPrivileged(Native Method)

        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)

        at javax.security.auth.login.LoginContext.login(LoginContext.java:588)

        at org.apache.jackrabbit.oak.core.ContentRepositoryImpl.login(ContentRepositoryImpl.java:163 )

        at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:282)

        at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:225)

        at org.apache.jackrabbit.oak.jcr.session.SessionImpl.impersonate(SessionImpl.java:275)

        at com.adobe.granite.repository.impl.CRX3SessionImpl.impersonate(CRX3SessionImpl.java:149)

        at com.day.crx.security.token.TokenUtil.createCredentials(TokenUtil.java:90)

        at com.adobe.granite.auth.saml.extidp.DefaultUserSync.process(DefaultUserSync.java:108)

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.syncUser(SamlAuthenticationHandler. java:860)

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.handleLogin(SamlAuthenticationHandl er.java:852)

        at com.adobe.granite.auth.saml.SamlAuthenticationHandler.extractCredentials(SamlAuthenticati onHandler.java:499)

        at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doExtractCredentials(Authenti cationHandlerHolder.java:76)

        at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.extractCredentials(Ab stractAuthenticationHandlerHolder.java:60)

        at org.apache.sling.auth.core.impl.SlingAuthenticator.getAuthenticationInfo(SlingAuthenticat or.java:735)

        at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.ja va:483)

        at org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java :460)

        at org.apache.sling.engine.impl.SlingHttpContext.handleSecurity(SlingHttpContext.java:131)

        at org.apache.felix.http.base.internal.whiteboard.PerBundleServletContextImpl.handleSecurity (PerBundleServletContextImpl.java:82)

        at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.jav a:58)

        at org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardMan ager.java:1002)

        at org.apache.sling.security.impl.ReferrerFilter.doFilter(ReferrerFilter.java:326)

        at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandle r.java:136)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardMan ager.java:1008)

        at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:97)

        at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandle r.java:136)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardMan ager.java:1008)

        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.invokePreprocessors(Whit eboardManager.java:1012)

        at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:91)

        at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet. java:49)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)

        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:873)

        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:542)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)

        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1701)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)

        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)

        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)

        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1668)

        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)

        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)

        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)

        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection .java:220)

        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)

        at org.eclipse.jetty.server.Server.handle(Server.java:502)

        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)

        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)

        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:30 5)

        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)

        at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)

        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)

        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExe cutor.java:366)

        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)

        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)

        at java.lang.Thread.run(Thread.java:748)

        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:856)

        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)

        at java.security.AccessController.doPrivileged(Native Method)

        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)

        at javax.security.auth.login.LoginContext.login(LoginContext.java:588)

        at org.apache.jackrabbit.oak.core.ContentRepositoryImpl.login(ContentRepositoryImpl.java:163 ) [org.apache.jackrabbit.oak-core:1.10.2]

        at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:282) [org.apache.jackrabbit.oak-jcr:1.10.2]

        ... 56 common frames omitted

30.10.2019 01:25:48.773 *INFO* [qtp748111386-420467] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: user_sync_failed detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=user_sync_failed

30.10.2019 01:25:48.773 *ERROR* [qtp748111386-420467] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed

30.10.2019 01:25:50.034 *INFO* [HealthCheck Synchronized Clocks] org.apache.sling.discovery.oak.SynchronizedClocksHealthCheck execute: no topology connectors connected to local instance.

30.10.2019 01:25:52.376 *INFO* [oak-lucene-40697] org.apache.jackrabbit.oak.plugins.blob.AbstractSharedCachingDataStore Added blob [16bf588f0eebc58006e8ce041e3d86a6ba836370da71d362f49c06b1a02c8e6d] to backend

30.10.2019 01:25:52.498 *INFO* [oak-lucene-40697] org.apache.jackrabbit.oak.plugins.blob.AbstractSharedCachingDataStore Added blob [6a88c8c8de9055edfc057588a932e7d23b73db08e4f048f396a313ecdf69a897] to backend

    U
    Adobe Employee
    user05162Adobe Employee
    Adobe Employee
    November 1, 2019

    Do you see anything in the SAML logs?

    You can set up a Logger in order to debug any issues that might arise from misconfiguring SAML. You can do this by:

    • Search for and click on the entry called Apache Sling Logging Logger Configuration

    • Create a logger with the following configuration:
      • Log Level: Debug
      • Log File: logs/saml.log
      • Logger: com.adobe.granite.auth.saml

      shelly-goel
      Adobe Employee
      shelly-goelAdobe Employee
      Adobe Employee
      November 24, 2021

      @saibul @user05162  I'm facing the similar issue that after signing in IDP (Azure AD), response is not getting redirected to AEM page with below error in logs. How did you resolve this issue?

       

      error logs:

      24.11.2021 13:40:56.001 *INFO* [qtp457817355-613] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
      24.11.2021 13:40:56.007 *WARN* [qtp457817355-613] org.apache.sling.auth.core.AuthUtil isRedirectValid: Redirect target must not be empty or null

       

      saml logs

      24.11.2021 13:40:56.007 *DEBUG* [qtp457817355-613] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.

        J
        jarvis_cl_lukow
        Level 2
        January 14, 2022

        Hi @shelly-goel, any luck with this?  I am facing the same issue. 

        Thanks

          Terms & ConditionsAccessibility statement

          Loading footer...