Hi,
While configuring SAML on AEM I am getting below error in error.log. SAML logs are proper and do not have any error.
08.04.2015 10:48:13.902 *INFO* [qtp1468301140-454] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
08.04.2015 10:48:13.949 *ERROR* [qtp1468301140-454] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed
Any help.
\Amit
Solved! Go to Solution.
Views
Replies
Total Likes
Your config & response looks correct. I would always recommend to configure userid attribute even though it fall back to nameid.
For now seems like service ranking or different redirect url or case sensitive or same where request got flushed and causing the issue. Can you try below and attach additional details
1) configure defaultRedirectUrl in samlauthenticationHandler to /content/gss-portal.html instead of /
2) Enable debug for "com.adobe.granite.saml" and repeat the test case and attach if issue persist
*) Latest logs
*) Snapshot of http://host:port/system/console/slingauth
Views
Replies
Total Likes
Looks like, its the issue with the credentials. Please check these if it helps
https://helpx.adobe.com/experience-manager/kb/saml-demo.html
Views
Replies
Total Likes
Please raise support ticket with proper information if the helpx link from bsloki is not helping.
Views
Replies
Total Likes
@bsloki
Thanks for quick revert. I have followed the link mentioned and saml logs are proper.
Views
Replies
Total Likes
Attach saml response, config, and samlhandler debug logs.
Views
Replies
Total Likes
I do not see any attachments.
Views
Replies
Total Likes
Hi Sham,
Please find attached SAMLResponse & config, there are no logs in SAML, but I have error in error.log as shared above.
copying same for reference again
08.04.2015 10:48:13.902 *INFO* [qtp1468301140-454] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
08.04.2015 10:48:13.949 *ERROR* [qtp1468301140-454] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed
thanks for looking into this.
Amit
Views
Replies
Total Likes
Elaborated error logs: 08.04.2015 16:23:57.373 *INFO* [127.0.0.1 [1428506637373] GET /content/gss-portal/en/na HTTP/1.1] org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Resource /content/gss-portal/en/na not found 08.04.2015 16:24:04.594 *ERROR* [qtp1468301140-517] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed 08.04.2015 16:24:05.531 *INFO* [127.0.0.1 [1428506645531] GET /etc/designs/gss-portal/provisioning-portal.css HTTP/1.1] org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Resource /etc/designs/gss-portal/provisioning-portal.css not found 08.04.2015 16:24:05.812 *INFO* [127.0.0.1 [1428506645812] GET /etc/designs/provisioning-portal/clientlibs/jquery-cookie.js HTTP/1.1] org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Resource /etc/designs/provisioning-portal/clientlibs/jquery-cookie.js not found 08.04.2015 16:24:06.328 *INFO* [127.0.0.1 [1428506646312] GET /content/gss-portal/en/na HTTP/1.1] org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Resource /content/gss-portal/en/na not found 08.04.2015 16:24:06.359 *ERROR* [qtp1468301140-524] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed 08.04.2015 16:24:06.544 *INFO* [127.0.0.1 [1428506646544] GET /etc/designs/provisioning-portal/favicon.ico HTTP/1.1] org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Resource /etc/designs/provisioning-portal/favicon.ico not found 08.04.2015 16:24:06.559 *INFO* [127.0.0.1 [1428506646544] GET /etc/designs/provisioning-portal/resources/javascripts/app.js HTTP/1.1] org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Resource /etc/designs/provisioning-portal/resources/javascripts/app.js not found 08.04.2015 16:24:06.809 *INFO* [127.0.0.1 [1428506646809] GET /etc/designs/provisioning-portal/favicon.ico HTTP/1.1] org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Resource /etc/designs/provisioning-portal/favicon.ico not found 08.04.2015 16:24:06.825 *ERROR* [127.0.0.1 [1428506646825] GET /etc/segmentation.segment.js HTTP/1.1] org.apache.sling.servlets.get.impl.DefaultGetServlet No renderer for extension js, cannot render resource JcrNodeResource, type=rep:ACL, superType=null, path=/etc/segmentation/aam/rep:policy 08.04.2015 16:24:06.825 *ERROR* [127.0.0.1 [1428506646825] GET /etc/segmentation.segment.js HTTP/1.1] org.apache.sling.servlets.get.impl.DefaultGetServlet No renderer for extension js, cannot render resource JcrNodeResource, type=rep:ACL, superType=null, path=/etc/segmentation/rep:policy 08.04.2015 16:24:07.450 *WARN* [127.0.0.1 [1428506647434] GET /etc/clientcontext/default/content/jcr:content/stores.init.js HTTP/1.1] com.adobe.cq.commerce.common.AbstractJcrCommerceSession Unable to extract locale from page /content/gss-portal/en/gss-portal, falling back to default locale en_US. 08.04.2015 16:24:08.169 *ERROR* [qtp1468301140-517] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed 08.04.2015 16:24:09.588 *ERROR* [qtp1468301140-525] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed 08.04.2015 16:24:11.088 *ERROR* [qtp1468301140-524] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed 08.04.2015 16:24:12.573 *ERROR* [qtp1468301140-522] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed 08.04.2015 16:24:14.088 *ERROR* [qtp1468301140-525] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed
Views
Replies
Total Likes
Your config & response looks correct. I would always recommend to configure userid attribute even though it fall back to nameid.
For now seems like service ranking or different redirect url or case sensitive or same where request got flushed and causing the issue. Can you try below and attach additional details
1) configure defaultRedirectUrl in samlauthenticationHandler to /content/gss-portal.html instead of /
2) Enable debug for "com.adobe.granite.saml" and repeat the test case and attach if issue persist
*) Latest logs
*) Snapshot of http://host:port/system/console/slingauth
Views
Replies
Total Likes
Thanks Sham, I was able to fix this issue with modification to redirect URI and nameId attribute as you suggested.
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies