Expand my Community achievements bar.

SOLVED

SAML Grammar response Error/Warning Java 8

Avatar

Level 4

After updating to Java 8 we are seeing the following messages appearing in stdout.log when using SAML authentication.

Error: URI=null Line=1: Document is invalid: no grammar found.

Error: URI=null Line=1: Document root element "samlp:Response", must match DOCTYPE root "null".

Warning: validation was turned on but an org.xml.sax.ErrorHandler was not set, which is probably not what is desired.  Parser will use a default ErrorHandler to print the first 0 errors.  Please call the setErrorHandler method to fix this.

We have validated the response contents and do not see anything different or unusual.  Asking the community here if anyone else has seen this or knows of a fix?

AEM 6.1 sp2, Java 8u103

1 Accepted Solution

Avatar

Correct answer by
Level 9

Hi Bob,

You can ignore the error. It needs product code change to turn off validation Or have implement EntityResolver due to changes in XML parsing at platform level.  The functionality will continue to work but log is annoying.  You can ask official support request to fix the same but you can safely ignore that message & will not have any side affects.

Thanks,

View solution in original post

8 Replies

Avatar

Correct answer by
Level 9

Hi Bob,

You can ignore the error. It needs product code change to turn off validation Or have implement EntityResolver due to changes in XML parsing at platform level.  The functionality will continue to work but log is annoying.  You can ask official support request to fix the same but you can safely ignore that message & will not have any side affects.

Thanks,

Avatar

Level 1

I am getting similar error on AEM 6.3.0 during Sngle Sign-On and login fails and using jdk1.8.0_152. Any help will be appreciated.

13.11.2017 20:09:57.314 *ERROR* [qtp483534205-45475] com.adobe.granite.auth.saml.util.SamlReader Document is invalid: no grammar found.

13.11.2017 20:09:57.314 *ERROR* [qtp483534205-45475] com.adobe.granite.auth.saml.util.SamlReader Document root element "samlp:Response", must match DOCTYPE root "null".

13.11.2017 20:09:57.317 *INFO* [qtp483534205-45475] com.adobe.granite.auth.saml.SamlAuthenticationHandler Login failed. SAML token invalid.

13.11.2017 20:09:57.318 *INFO* [qtp483534205-45475] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: invalid_token detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=invalid_token

13.11.2017 20:09:57.318 *ERROR* [qtp483534205-45475] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed

13.11.2017 20:09:58.132 *INFO* [qtp483534205-41605] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials

Avatar

Level 4

This is your SAML token is not configured correctly.  However you configured the SAML OSGi configuration is not right.  The first two lines are the same as my original post, which are okay to ignore, but the third line says your token is not right.   That is a bit too detailed and far down for any advice from myself.  Check your SAML configuration settings and try other tweaks and settings according to documentation, otherwise you will need to request support.

Avatar

Level 3

Have a look at SAML 2.0 Authentication Handler

There's a section about creating a saml logger. Debug entries should tell what's wrong.

Avatar

Level 1

I think your idp certs are not installed correctly

You need to install certs in trust store

  1. Get the IdP public certificate from SAML team and Add that  to AEM truststore

ex certalias = certalias___1509993429769

Close dialogue and save user configurations

update the certalias in SAML authentication handler

Avatar

Level 1

Hi bob ,

*ERROR* [qtp786583214-108] com.adobe.granite.auth.saml.util.SamlReader Document is invalid: no grammar found.

*ERROR* [qtp786583214-108] com.adobe.granite.auth.saml.util.SamlReader Document root element "samlp:Response", must match DOCTYPE root "null".

I am dealing with there two errors in saml integration and I am not able access my login page . I have all urls and all certificates corrent in AEM but when I am hitting my LOGIN URL I am not able to LOGIN .

Please help me with this, thanks in advance .

Sai Kiran. 

Avatar

Level 4

Were you able to resolve this issue? I am facing the same error and login fails

Avatar

Level 1

Hi Anushap ,

*ERROR* [qtp786583214-108] com.adobe.granite.auth.saml.util.SamlReader Document is invalid: no grammar found.

*ERROR* [qtp786583214-108] com.adobe.granite.auth.saml.util.SamlReader Document root element "samlp:Response", must match DOCTYPE root "null"

AS SAID ABOVE :-

You can ignore the error. It needs product code change to turn off validation Or have implement EntityResolver due to changes in XML parsing at platform level.

Even though if you see this errors in the log, the SAML still works and those errors could be ignored .

If you still face any error from SAML side I can help you .

Thanks ,

Sai Kiran .