Expand my Community achievements bar.

SAML error when trying to login in Author Instance

Avatar

Level 4

Dear Team,

When I am trying to login to our Dev environment through SSO , then I am getting below error, as shown in below screenshot.

Also I am getting below error message in the below error.log file.

22.08.2016 19:45:45.254 *ERROR* [qtp1938287629-27055] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML response parameter was not provided or invalid.
22.08.2016 19:45:45.255 *INFO* [qtp1938287629-27055] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
22.08.2016 19:45:45.255 *WARN* [qtp1938287629-27055] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.
22.08.2016 19:45:46.687 *ERROR* [qtp1938287629-26657] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML response parameter was not provided or invalid.
22.08.2016 19:45:46.693 *INFO* [10.100.3.45 [1471887946691] GET /saml_login HTTP/1.1] org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Resource /saml_login not found
22.08.2016 19:45:46.694 *INFO* [10.100.3.45 [1471887946691] GET /saml_login HTTP/1.1] com.adobe.acs.commons.errorpagehandler.impl.ErrorPageHandlerImpl ACS AEM Commons Error Page Handler is enabled but mis-configured. A valid error image handler nor a valid error page could be found.
22.08.2016 19:45:52.223 *INFO* [pool-9-thread-2] com.day.cq.replication.Agent.publish1euwest1_reverse Sending GET request to 

We have configured the SAML in /etc/key , as shown in below screenshot.

Also we have observed we are getting 2 SAML in OSGI Configuration , as showm in below screenshot.

Please Suggest.

Thanks !!!

5 Replies

Avatar

Level 3

Was this a new configuration, or has it worked before? If you click on one of the osgi configs and view the options, is there something not specified that should be?

Avatar

Level 7

Seeing your error log I can say that AEM is trying to connect anonymously which is not allowed for author instance. Here is one article which discusses about sling authentication both authenticated and anonymous login.

http://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html 

Avatar

Level 5
Level 5

Which version of the AEM instance you are trying to do this one.?

Can you provide the screenshot of your SAML configurations that you have done.?

Also can you try removing the sling referrer filter "POST" and save the configurations. and the user which you are authenticated via the IDP are available in AEM, If so does those users have required permissions.?

Regards,

VAr

Avatar

Level 4

Dear All,

This SAML was working fine before. But now Its not working. We need the Root Cause for this.

We are using AEM 6.1

Yes , I tried removing the sling referrer filter "POST" and save the configurations but it did not work out.

Also the user which I am trying to authenticate via the IDP are available in AEM, and yes those users have already required permissions.

Please find the below screenshot for our SAML configuration.

Avatar

Employee

Hi,

when you say it was working before what do you mean, it recently stopped working or it was working in a previous version of AEM. 

You don't use /etc/key anymore, please follow [0].

The screenshot you have shared for the SAML configuration doesn't appear to be correct,

  • you have not configured the IDP Certificate Alias, 
  • Your "Service Provider Entity ID" should typically be your AEM server with "saml_login" at the end

The above means you did not follow [0]. The docs for setting up same in 6.1 are incorrect, so if you were not aware of [0], it won't work...

Regards,

Opkar

[0]http://www.aemstuff.com/blogs/july/saml.html