Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED
SAML authentication invalid SAML TOKEN
Hello All,
I am trying to implement saml integration on my local but gives invalid SAML token.
I am following this documentation: https://helpx.adobe.com/experience-manager/using/aem63_saml.html
I am using AEM 6.5.6 version
Here is my configuration:
I had tried to change the Service Provider Entity ID as AEMSAMLServiceaadi which is SPEntityId created on SSO Circle IdP as per documentation.
I had also tried to remove POST as suggested by one of the person in community but it doesn't work.
Here are my logs:
11.02.2021 14:57:34.957 *DEBUG* [qtp499816707-2364] com.adobe.granite.auth.saml.model.Assertion Invalid Assertion: Signature invalid. 11.02.2021 14:57:34.957 *INFO* [qtp499816707-2364] com.adobe.granite.auth.saml.SamlAuthenticationHandler Login failed. SAML token invalid. 11.02.2021 14:57:34.957 *INFO* [qtp499816707-2364] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: invalid_token detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=invalid_token 11.02.2021 15:41:14.723 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: pid=com.adobe.granite.auth.saml.SamlAuthenticationHandler.e763ec3a-e683-4c0e-b2d6-63adf9536459)] com.adobe.granite.auth.saml Service [com.adobe.granite.auth.saml.SamlAuthenticationHandler.e763ec3a-e683-4c0e-b2d6-63adf9536459,8730, [org.apache.sling.auth.core.spi.AuthenticationHandler]] ServiceEvent UNREGISTERING 11.02.2021 15:41:14.727 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: pid=com.adobe.granite.auth.saml.SamlAuthenticationHandler.e763ec3a-e683-4c0e-b2d6-63adf9536459)] com.adobe.granite.auth.saml Service [com.adobe.granite.auth.saml.SamlAuthenticationHandler.e763ec3a-e683-4c0e-b2d6-63adf9536459,8776, [org.apache.sling.auth.core.spi.AuthenticationHandler]] ServiceEvent REGISTERED 11.02.2021 15:41:45.103 *DEBUG* [qtp499816707-2418] com.adobe.granite.auth.saml.util.SamlReader Signature verification failed. No signature. 11.02.2021 15:41:45.108 *ERROR* [qtp499816707-2418] com.adobe.granite.auth.saml.util.SamlReader Unable to validate signature. javax.xml.crypto.dsig.XMLSignatureException: java.security.SignatureException: Signature length not correct: got 256 but was expecting 512 at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(DOMXMLSignature.java:565) [com.adobe.granite.auth.saml:1.0.24] at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:254) [com.adobe.granite.auth.saml:1.0.24] at com.adobe.granite.auth.saml.util.SamlReader.verifyElementSignature(SamlReader.java:368) [com.adobe.granite.auth.saml:1.0.24] at com.adobe.granite.auth.saml.util.SamlReader.parse(SamlReader.java:241) [com.adobe.granite.auth.saml:1.0.24] at com.adobe.granite.auth.saml.util.SamlReader.read(SamlReader.java:122) [com.adobe.granite.auth.saml:1.0.24] at com.adobe.granite.auth.saml.binding.PostBinding.receive(PostBinding.java:109) [com.adobe.granite.auth.saml:1.0.24] at com.adobe.granite.auth.saml.SamlAuthenticationHandler.handleLogin(SamlAuthenticationHandler.java:805) [com.adobe.granite.auth.saml:1.0.24] at com.adobe.granite.auth.saml.SamlAuthenticationHandler.extractCredentials(SamlAuthenticationHandler.java:499) [com.adobe.granite.auth.saml:1.0.24] at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doExtractCredentials(AuthenticationHandlerHolder.java:76) [org.apache.sling.auth.core:1.4.2] at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.extractCredentials(AbstractAuthenticationHandlerHolder.java:60) [org.apache.sling.auth.core:1.4.2] at org.apache.sling.auth.core.impl.SlingAuthenticator.getAuthenticationInfo(SlingAuthenticator.java:735) [org.apache.sling.auth.core:1.4.2] at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:483) [org.apache.sling.auth.core:1.4.2] at org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:460) [org.apache.sling.auth.core:1.4.2] at org.apache.sling.engine.impl.SlingHttpContext.handleSecurity(SlingHttpContext.java:131) [org.apache.sling.engine:2.6.18] at org.apache.felix.http.base.internal.whiteboard.PerBundleServletContextImpl.handleSecurity(PerBundleServletContextImpl.java:82) [org.apache.felix.http.jetty:4.0.8] at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:58) [org.apache.felix.http.jetty:4.0.8] at org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146) [org.apache.felix.http.jetty:4.0.8] at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1002) [org.apache.felix.http.jetty:4.0.8] at org.apache.sling.security.impl.ReferrerFilter.doFilter(ReferrerFilter.java:326) [org.apache.sling.security:1.1.16] at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandler.java:136) [org.apache.felix.http.jetty:4.0.8] at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1008) [org.apache.felix.http.jetty:4.0.8] at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:97) [org.apache.felix.http.sslfilter:1.2.6] at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandler.java:136) [org.apache.felix.http.jetty:4.0.8] at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1008) [org.apache.felix.http.jetty:4.0.8] at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.invokePreprocessors(WhiteboardManager.java:1012) [org.apache.felix.http.jetty:4.0.8] at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:91) [org.apache.felix.http.jetty:4.0.8] at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49) [org.apache.felix.http.jetty:4.0.8] at javax.servlet.http.HttpServlet.service(HttpServlet.java:725) [org.apache.felix.http.servlet-api:1.1.2] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:873) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:542) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1701) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1668) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.server.Server.handle(Server.java:502) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765) [org.apache.felix.http.jetty:4.0.8] at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683) [org.apache.felix.http.jetty:4.0.8] at java.lang.Thread.run(Thread.java:748) Caused by: java.security.SignatureException: Signature length not correct: got 256 but was expecting 512 at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:211) at java.security.Signature$Delegate.engineVerify(Signature.java:1394) at java.security.Signature.verify(Signature.java:771) at org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod.verify(DOMSignatureMethod.java:238) [com.adobe.granite.auth.saml:1.0.24] at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(DOMXMLSignature.java:562) [com.adobe.granite.auth.saml:1.0.24] ... 55 common frames omitted 11.02.2021 15:41:45.109 *DEBUG* [qtp499816707-2418] com.adobe.granite.auth.saml.model.Assertion Invalid Assertion: audienceRestrictions violated. 11.02.2021 15:41:45.109 *INFO* [qtp499816707-2418] com.adobe.granite.auth.saml.SamlAuthenticationHandler Login failed. SAML token invalid. 11.02.2021 15:41:45.109 *INFO* [qtp499816707-2418] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: invalid_token detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=invalid_token
Please let me know if I am missing anything. I tried to refer many community links but it is not resolved.
Thanks,
Adithya.
1 Accepted Solution
Thanks Ankur for the details. I followed the process according to the link that you had provided, it still says the same. I tried to re-configure the key store too.
4.02.2021 22:24:48.375 *DEBUG* [qtp1785193178-1799] com.adobe.granite.auth.saml.model.Assertion Invalid Assertion: Signature invalid. 14.02.2021 22:24:48.375 *INFO* [qtp1785193178-1799] com.adobe.granite.auth.saml.SamlAuthenticationHandler Login failed. SAML token invalid. 14.02.2021 22:24:48.376 *INFO* [qtp1785193178-1799] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: invalid_token detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=invalid_token
Thanks,
Adithya.
Related Conversations
