SAML error with reason: invalid_token detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=invalid_token

Hi,

 

I always get the below error message:

 

kumamanish_0-1663223461483.png

 

IDP - Keycloak (http://localhost:8180/auth/realms/aem)

IDP Client - aem-app

SP - AEM (http://localhost:4502)

SP-SAML-CONFIG - Authentication Handler 

kumamanish_1-1663223688068.png

 

Logs:

- saml.log:-

--------------

15.09.2022 11:57:38.092 *DEBUG* [qtp2135073923-4803] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.
15.09.2022 11:58:23.949 *DEBUG* [qtp2135073923-4805] com.adobe.granite.auth.saml.util.SamlReader Signature verification failed for [saml:Assertion: null]. No signature.
15.09.2022 11:58:23.949 *DEBUG* [qtp2135073923-4805] com.adobe.granite.auth.saml.model.Assertion Invalid Assertion: notOnOrAfter violated: (java.util.GregorianCalendar[time=1663223363949,areFieldsSet=true,areAllFieldsSet=true,lenient=true,zone=sun.util.calendar.ZoneInfo[id="Asia/Calcutta",offset=19800000,dstSavings=0,useDaylight=false,transitions=7,lastRule=null],firstDayOfWeek=1,minimalDaysInFirstWeek=1,ERA=1,YEAR=2022,MONTH=8,WEEK_OF_YEAR=38,WEEK_OF_MONTH=3,DAY_OF_MONTH=15,DAY_OF_YEAR=258,DAY_OF_WEEK=5,DAY_OF_WEEK_IN_MONTH=3,AM_PM=0,HOUR=11,HOUR_OF_DAY=11,MINUTE=59,SECOND=23,MILLISECOND=949,ZONE_OFFSET=19800000,DST_OFFSET=0] >= java.util.GregorianCalendar[time=1663223353897,areFieldsSet=true,areAllFieldsSet=true,lenient=true,zone=java.util.SimpleTimeZone[id=UTC,offset=0,dstSavings=3600000,useDaylight=false,startYear=0,startMode=0,startMonth=0,startDay=0,startDayOfWeek=0,startTime=0,startTimeMode=0,endMode=0,endMonth=0,endDay=0,endDayOfWeek=0,endTime=0,endTimeMode=0],firstDayOfWeek=1,minimalDaysInFirstWeek=1,ERA=1,YEAR=2022,MONTH=8,WEEK_OF_YEAR=38,WEEK_OF_MONTH=3,DAY_OF_MONTH=15,DAY_OF_YEAR=258,DAY_OF_WEEK=5,DAY_OF_WEEK_IN_MONTH=3,AM_PM=0,HOUR=6,HOUR_OF_DAY=6,MINUTE=29,SECOND=13,MILLISECOND=897,ZONE_OFFSET=0,DST_OFFSET=0]).
15.09.2022 11:58:23.949 *INFO* [qtp2135073923-4805] com.adobe.granite.auth.saml.SamlAuthenticationHandler Login failed. SAML token invalid.
15.09.2022 11:58:23.950 *INFO* [qtp2135073923-4805] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: invalid_token detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=invalid_token
15.09.2022 11:58:24.074 *DEBUG* [qtp2135073923-4789] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.
15.09.2022 11:58:24.076 *DEBUG* [qtp2135073923-4758] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.
15.09.2022 11:58:24.103 *DEBUG* [qtp2135073923-4795] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.
15.09.2022 11:58:24.103 *DEBUG* [qtp2135073923-4804] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.

 

I have generated a keystore and uploaded it to the global truststore; the same generated alias is mapped in the authentication handler.

 

I am not able to resolve the issue; any help will be appreciated.
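The `notOnOrAfter violated` line in the saml.log above carries two raw epoch values inside its GregorianCalendar dumps. The following is an added example, not part of the original post or of AEM: a small Python parser that extracts them and reports the deltas in milliseconds. The function name `analyze` and the shortened `SAMPLE` line are constructed for illustration, and it assumes the log timestamp is local time in the zone of the first calendar.

```python
import re
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# The notOnOrAfter line from the post, with both GregorianCalendar dumps
# shortened (constructed) to the fields this parser reads.
SAMPLE = (
    '15.09.2022 11:58:23.949 *DEBUG* [qtp2135073923-4805] '
    'com.adobe.granite.auth.saml.model.Assertion Invalid Assertion: '
    'notOnOrAfter violated: (java.util.GregorianCalendar[time=1663223363949,'
    'zone=sun.util.calendar.ZoneInfo[id="Asia/Calcutta",offset=19800000],'
    'HOUR_OF_DAY=11] >= java.util.GregorianCalendar[time=1663223353897,'
    'zone=java.util.SimpleTimeZone[id=UTC,offset=0],HOUR_OF_DAY=6]).'
)


def analyze(line):
    """Return the instants and millisecond deltas behind a notOnOrAfter violation."""
    times = [int(t) for t in re.findall(r"GregorianCalendar\[time=(\d+)", line)]
    offset = re.search(r"offset=(-?\d+)", line)
    if len(times) != 2 or offset is None:
        raise ValueError("line lacks the two calendar dumps (truncated?)")
    compared_ms, expiry_ms = times  # left side of '>=' and notOnOrAfter
    # Assumption: log timestamps are local time in the first calendar's zone.
    zone = timezone(timedelta(milliseconds=int(offset.group(1))))
    logged = datetime.strptime(line[:23], "%d.%m.%Y %H:%M:%S.%f").replace(tzinfo=zone)
    logged_ms = (logged - EPOCH) // timedelta(milliseconds=1)

    def iso(ms):
        return (EPOCH + timedelta(milliseconds=ms)).isoformat(timespec="milliseconds")

    return {
        "logged_utc": iso(logged_ms),
        "compared_utc": iso(compared_ms),
        "not_on_or_after_utc": iso(expiry_ms),
        "compared_minus_expiry_ms": compared_ms - expiry_ms,
        "compared_minus_logged_ms": compared_ms - logged_ms,
        "expiry_minus_logged_ms": expiry_ms - logged_ms,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

On the line from the post, the compared instant is 10052 ms past notOnOrAfter and 60000 ms ahead of the log line's own timestamp. A line whose calendar dumps are missing raises ValueError.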

2 Replies

Hi @arunpatidar ,

 

Since my IdP is Keycloak, I won't go through the second link https://docs.mktossl.com/docs/experience-cloud-kcs/kbarticles/KA-17481.html?lang=en for SSOCircle. However, I tried all the suggestions in the first link https://blogs.perficient.com/2019/06/24/simple-local-saml-integration-with-aem-gotchas/ but still no luck; I am getting the below error in saml.log:

15.09.2022 17:57:53.162 *DEBUG* [qtp2135073923-5095] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.
15.09.2022 17:57:56.458 *DEBUG* [qtp2135073923-5203] com.adobe.granite.auth.saml.util.SamlReader Signature verification failed for [saml:Assertion: null]. No signature.
15.09.2022 17:57:56.459 *DEBUG* [qtp2135073923-5203] com.adobe.granite.auth.saml.model.Assertion Invalid Assertion: notOnOrAfter violated:
15.09.2022 17:57:56.459 *INFO* [qtp2135073923-5203] com.adobe.granite.auth.saml.SamlAuthenticationHandler Login failed. SAML token invalid.
15.09.2022 17:57:56.459 *INFO* [qtp2135073923-5203] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: invalid_token detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=invalid_token
15.09.2022 17:57:56.610 *DEBUG* [qtp2135073923-5095] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.