SAML Grammar response Error/Warning Java 8

Avatar

Avatar

bobkranson

Avatar

bobkranson

bobkranson

12-06-2017

After updating to Java 8 we are seeing the following messages appearing in stdout.log when using SAML authentication.

Error: URI=null Line=1: Document is invalid: no grammar found.

Error: URI=null Line=1: Document root element "samlp:Response", must match DOCTYPE root "null".

Warning: validation was turned on but an org.xml.sax.ErrorHandler was not set, which is probably not what is desired.  Parser will use a default ErrorHandler to print the first 0 errors.  Please call the setErrorHandler method to fix this.

We have validated the response contents and do not see anything different or unusual.  Asking the community here if anyone else has seen this or knows of a fix?

AEM 6.1 sp2, Java 8u103

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar

MC_Stuff

Avatar

MC_Stuff

MC_Stuff

12-06-2017

Hi Bob,

You can ignore the error. It needs product code change to turn off validation Or have implement EntityResolver due to changes in XML parsing at platform level.  The functionality will continue to work but log is annoying.  You can ask official support request to fix the same but you can safely ignore that message & will not have any side affects.

Thanks,

Answers (7)

Answers (7)

Avatar

Avatar

venkatasaikiran

Avatar

venkatasaikiran

venkatasaikiran

26-07-2018

Hi Anushap ,

*ERROR* [qtp786583214-108] com.adobe.granite.auth.saml.util.SamlReader Document is invalid: no grammar found.

*ERROR* [qtp786583214-108] com.adobe.granite.auth.saml.util.SamlReader Document root element "samlp:Response", must match DOCTYPE root "null"

AS SAID ABOVE :-

You can ignore the error. It needs product code change to turn off validation Or have implement EntityResolver due to changes in XML parsing at platform level.

Even though if you see this errors in the log, the SAML still works and those errors could be ignored .

If you still face any error from SAML side I can help you .

Thanks ,

Sai Kiran .

Avatar

Avatar

anushap40132887

Avatar

anushap40132887

anushap40132887

12-06-2018

Were you able to resolve this issue? I am facing the same error and login fails

Avatar

Avatar

venkatasaikiran

Avatar

venkatasaikiran

venkatasaikiran

20-03-2018

Hi bob ,

*ERROR* [qtp786583214-108] com.adobe.granite.auth.saml.util.SamlReader Document is invalid: no grammar found.

*ERROR* [qtp786583214-108] com.adobe.granite.auth.saml.util.SamlReader Document root element "samlp:Response", must match DOCTYPE root "null".

I am dealing with there two errors in saml integration and I am not able access my login page . I have all urls and all certificates corrent in AEM but when I am hitting my LOGIN URL I am not able to LOGIN .

Please help me with this, thanks in advance .

Sai Kiran. 

Avatar

Avatar

Prakash_CQ

Avatar

Prakash_CQ

Prakash_CQ

12-12-2017

I think your idp certs are not installed correctly

You need to install certs in trust store

  1. Get the IdP public certificate from SAML team and Add that  to AEM truststore

ex certalias = certalias___1509993429769

Close dialogue and save user configurations

update the certalias in SAML authentication handler

Avatar

Avatar

federicos727792

Avatar

federicos727792

federicos727792

10-12-2017

Have a look at SAML 2.0 Authentication Handler

There's a section about creating a saml logger. Debug entries should tell what's wrong.

Avatar

Avatar

bobkranson

Avatar

bobkranson

bobkranson

14-11-2017

This is your SAML token is not configured correctly.  However you configured the SAML OSGi configuration is not right.  The first two lines are the same as my original post, which are okay to ignore, but the third line says your token is not right.   That is a bit too detailed and far down for any advice from myself.  Check your SAML configuration settings and try other tweaks and settings according to documentation, otherwise you will need to request support.

Avatar

Avatar

esjp2000

Avatar

esjp2000

esjp2000

13-11-2017

I am getting similar error on AEM 6.3.0 during Sngle Sign-On and login fails and using jdk1.8.0_152. Any help will be appreciated.

13.11.2017 20:09:57.314 *ERROR* [qtp483534205-45475] com.adobe.granite.auth.saml.util.SamlReader Document is invalid: no grammar found.

13.11.2017 20:09:57.314 *ERROR* [qtp483534205-45475] com.adobe.granite.auth.saml.util.SamlReader Document root element "samlp:Response", must match DOCTYPE root "null".

13.11.2017 20:09:57.317 *INFO* [qtp483534205-45475] com.adobe.granite.auth.saml.SamlAuthenticationHandler Login failed. SAML token invalid.

13.11.2017 20:09:57.318 *INFO* [qtp483534205-45475] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML error with reason: invalid_token detected, redirect user to: /libs/granite/core/content/login.error.html?j_reason=invalid_token

13.11.2017 20:09:57.318 *ERROR* [qtp483534205-45475] org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed

13.11.2017 20:09:58.132 *INFO* [qtp483534205-41605] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials