Adobe Experience Manager Sites & More

Chanwalav23 · 4/23/22

I am trying to setup a new ec2 instance, and on author instance. The SAML Authentication is failing and throwing the below error.

 com.adobe.granite.auth.saml.SamlAuthenticationHandler Login failed. SAML token invalid.
 com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: invalid_token detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=invalid_token

 *INFO* [qtp1714949751-38787] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
 *INFO* [qtp1714949751-38787] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
 *WARN* [qtp1714949751-38787] org.apache.sling.auth.core.AuthUtil isRedirectValid: Redirect target must not be empty or null
 *ERROR* [qtp1714949751-43800] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed

I was able to setup the SAML authentication on Dev environment. On QA I did the same(The configs are updated accordingly). But getting the above issue. Can someone help me on this issue?

Thanks in advance.

Chanwalav23 · 4/27/22

Issue resolved. I have got the updated certificate from our SSO team and issue resolved.

View solution in original post

DEBAL_DAS · 4/25/22

Please refer this https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/6-4-quot-invalid-saml-toke...

As you are facing the issue with QA environment , did you upload separate(QA environment specific) SAML certificate to AEM QA environment?

Chanwalav23 · 4/25/22

Hi Das,

I have gone through the above link that you shared and that didn't helped me. And yes I have updated the QA environment specific configs.

Thanks,

Vijay.

Chanwalav23 · 4/27/22

Issue resolved. I have got the updated certificate from our SSO team and issue resolved.

this-that-the-otter · 4/7/25

We faced this issue recently and it was related to the system time being off. Syncing the system clock with NTP resolved the issue. Here's what we saw in the logs prior to updating the system clock:

==> /apps/author/crx-quickstart/logs/error.log <==
07.04.2025 09:30:19.190 *INFO* [qtp1413716254-60] com.adobe.granite.auth.saml.SamlAuthenticationHandler Login failed. SAML token invalid.
07.04.2025 09:30:19.191 *INFO* [qtp1413716254-60] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: invalid_token detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=invalid_token
07.04.2025 09:30:19.192 *ERROR* [qtp1413716254-60] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed

Adobe Experience Manager Sites & More

Invalid SAML token - AEM 6.5.8

Learn

Documentation

Events

Community

Support

Resources

Adobe account

Adobe