SAML error with reason: invalid_token detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=invalid_token

Hi,

 

I always get the below error message:

[Image: kumamanish_0-1663223461483.png]

 

IDP - Keycloak (http://localhost:8180/auth/realms/aem)

IDP Client - aem-app

SP - AEM (http://localhost:4502)

SP-SAML-CONFIG - Authentication Handler

[Image: kumamanish_1-1663223688068.png]

 

Logs:

- saml.log:-

--------------

15.09.2022 11:57:38.092 *DEBUG* [qtp2135073923-4803] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.
15.09.2022 11:58:23.949 *DEBUG* [qtp2135073923-4805] com.adobe.granite.auth.saml.util.SamlReader Signature verification failed for [saml:Assertion: null]. No signature.
15.09.2022 11:58:23.949 *DEBUG* [qtp2135073923-4805] com.adobe.granite.auth.saml.model.Assertion Invalid Assertion: notOnOrAfter violated: (java.util.GregorianCalendar[time=1663223363949,areFieldsSet=true,areAllFieldsSet=true,lenient=true,zone=sun.util.calendar.ZoneInfo[id="Asia/Calcutta",offset=19800000,dstSavings=0,useDaylight=false,transitions=7,lastRule=null],firstDayOfWeek=1,minimalDaysInFirstWeek=1,ERA=1,YEAR=2022,MONTH=8,WEEK_OF_YEAR=38,WEEK_OF_MONTH=3,DAY_OF_MONTH=15,DAY_OF_YEAR=258,DAY_OF_WEEK=5,DAY_OF_WEEK_IN_MONTH=3,AM_PM=0,HOUR=11,HOUR_OF_DAY=11,MINUTE=59,SECOND=23,MILLISECOND=949,ZONE_OFFSET=19800000,DST_OFFSET=0] >= java.util.GregorianCalendar[time=1663223353897,areFieldsSet=true,areAllFieldsSet=true,lenient=true,zone=java.util.SimpleTimeZone[id=UTC,offset=0,dstSavings=3600000,useDaylight=false,startYear=0,startMode=0,startMonth=0,startDay=0,startDayOfWeek=0,startTime=0,startTimeMode=0,endMode=0,endMonth=0,endDay=0,endDayOfWeek=0,endTime=0,endTimeMode=0],firstDayOfWeek=1,minimalDaysInFirstWeek=1,ERA=1,YEAR=2022,MONTH=8,WEEK_OF_YEAR=38,WEEK_OF_MONTH=3,DAY_OF_MONTH=15,DAY_OF_YEAR=258,DAY_OF_WEEK=5,DAY_OF_WEEK_IN_MONTH=3,AM_PM=0,HOUR=6,HOUR_OF_DAY=6,MINUTE=29,SECOND=13,MILLISECOND=897,ZONE_OFFSET=0,DST_OFFSET=0]).
15.09.2022 11:58:23.949 *INFO* [qtp2135073923-4805] com.adobe.granite.auth.saml.SamlAuthenticationHandler Login failed. SAML token invalid.
15.09.2022 11:58:23.950 *INFO* [qtp2135073923-4805] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: invalid_token detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=invalid_token
15.09.2022 11:58:24.074 *DEBUG* [qtp2135073923-4789] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.
15.09.2022 11:58:24.076 *DEBUG* [qtp2135073923-4758] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.
15.09.2022 11:58:24.103 *DEBUG* [qtp2135073923-4795] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.
15.09.2022 11:58:24.103 *DEBUG* [qtp2135073923-4804] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.

 

I have generated a keystore and uploaded it to the global truststore; the same generated alias is mapped with the authentication handler.

 

Not able to resolve the issue; any help will be appreciated.
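
Added example, not part of the original post and not AEM code: it parses the "notOnOrAfter violated" line from the saml.log above and reports how far the compared instant is past the assertion's NotOnOrAfter, and how both relate to the log line's own timestamp. The function name explain_violation is hypothetical, and the log timestamp is assumed to be in the zone given by the first calendar's ZONE_OFFSET.

```python
import re
from datetime import datetime, timedelta, timezone

# Abbreviated from the "notOnOrAfter violated" line in the post above: only the
# fields read below are kept; the values are the ones in that log line.
SAMPLE = (
    '15.09.2022 11:58:23.949 *DEBUG* [qtp2135073923-4805] '
    'com.adobe.granite.auth.saml.model.Assertion Invalid Assertion: '
    'notOnOrAfter violated: (java.util.GregorianCalendar[time=1663223363949,'
    'zone=sun.util.calendar.ZoneInfo[id="Asia/Calcutta",offset=19800000],'
    'ZONE_OFFSET=19800000,DST_OFFSET=0] >= '
    'java.util.GregorianCalendar[time=1663223353897,'
    'zone=java.util.SimpleTimeZone[id=UTC,offset=0],ZONE_OFFSET=0,DST_OFFSET=0]).'
)

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
LINE_RE = re.compile(
    r'^(?P<stamp>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) .*?'
    r'notOnOrAfter violated: \(java\.util\.GregorianCalendar\[time=(?P<checked>\d+),'
    r'.*?ZONE_OFFSET=(?P<zone>-?\d+).*? >= '
    r'java\.util\.GregorianCalendar\[time=(?P<limit>\d+),'
)

def explain_violation(line):
    """Return the timing figures of one 'notOnOrAfter violated' line, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    checked_ms, limit_ms = int(m['checked']), int(m['limit'])
    # Assumption: the log timestamp is local time in the first calendar's zone.
    tz = timezone(timedelta(milliseconds=int(m['zone'])))
    logged = datetime.strptime(m['stamp'], '%d.%m.%Y %H:%M:%S.%f').replace(tzinfo=tz)
    logged_ms = (logged - EPOCH) // timedelta(milliseconds=1)
    limit_utc = EPOCH + timedelta(milliseconds=limit_ms)
    return {
        # Left side of ">=" minus right side: how far past the limit it was.
        'overrun_ms': checked_ms - limit_ms,
        # Distance between the compared instant and when the line was logged.
        'checked_minus_logged_ms': checked_ms - logged_ms,
        # Validity left when the line was logged (negative if already expired).
        'limit_minus_logged_ms': limit_ms - logged_ms,
        'not_on_or_after_utc': limit_utc.isoformat(timespec='milliseconds'),
    }

if __name__ == '__main__':
    for key, value in explain_violation(SAMPLE).items():
        print(f'{key}: {value}')
```

For the line in the post this gives an overrun of 10052 ms, with the compared instant 60000 ms ahead of the log timestamp and NotOnOrAfter 49948 ms after it.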

2 Replies

Hi @arunpatidar ,

 

Since my IdP is Keycloak, I won't go through the second link https://docs.mktossl.com/docs/experience-cloud-kcs/kbarticles/KA-17481.html?lang=en for SSOCircle. However, I tried all the suggestions in the first link https://blogs.perficient.com/2019/06/24/simple-local-saml-integration-with-aem-gotchas/ but still no luck; I am getting the below error in saml.log:

15.09.2022 17:57:53.162 *DEBUG* [qtp2135073923-5095] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.
15.09.2022 17:57:56.458 *DEBUG* [qtp2135073923-5203] com.adobe.granite.auth.saml.util.SamlReader Signature verification failed for [saml:Assertion: null]. No signature.
15.09.2022 17:57:56.459 *DEBUG* [qtp2135073923-5203] com.adobe.granite.auth.saml.model.Assertion Invalid Assertion: notOnOrAfter violated:
15.09.2022 17:57:56.459 *INFO* [qtp2135073923-5203] com.adobe.granite.auth.saml.SamlAuthenticationHandler Login failed. SAML token invalid.
15.09.2022 17:57:56.459 *INFO* [qtp2135073923-5203] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: invalid_token detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=invalid_token
15.09.2022 17:57:56.610 *DEBUG* [qtp2135073923-5095] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.