SAML login in AEM6.1 ended up with 500 not modifiable error and some times infinite loop

Forum|Forum|9 years ago
April 6, 2016
9 replies
7128 views

Am trying to do a SAML login configuration with OKTA, am able to get the SAML assertion from OKTA after the login but when i comes back to the AEM ended up with the below error. And also some times am ended up with infinite loop. Does any one has done the SAML successfully with OKTA give some limelight over here.

Even i have configured the SAML redirect to my AEM with content/xyz/pages/saml_login

06.04.2016 16:03:24.455 *ERROR* [0:0:0:0:0:0:0:1 [1459938804446] POST /content/geometrix/ae/en/pages/index/saml_login HTTP/1.1] org.apache.sling.servlets.post.impl.operations.ModifyOperation Exception during response processing. javax.jcr.RepositoryException: org.apache.sling.api.resource.PersistenceException: Resource at '/content/etihadguest/ae/en/pages/index/saml_login' is not modifiable.

Thank you.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by Kkkrish

Thank you. This got solved after correcting the "Service Provided Entity ID"

Tuhin_Ghosh

Level 8

please look into this below link. This might help.

http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manager.topic.1.html/forum__9obl-i_am_tryingtoconfi.html#forum__9obl-i_am_tryingtoconfi__3fcs-hikanwaljitwew

A

abhishekb

Level 3

How does your SAML handler config look like ? can you pls share some info.

K

KkkrishAuthorAccepted solution

Level 4

Thank you. This got solved after correcting the "Service Provided Entity ID"

rohank77088872

Hi,

we are also getting the same issue.

But we are sure that the service provider entity id is correct

Any idea what we are missing

We are using AEM 6.3

Gunalan_V

Level 3

Hey,

Did you get this issue resolved in AEM 6.3?

Thanks,

GVK

Pablo_Larrosa-R

Level 2

Hi,

I'm having the same issue with AEM 6.4,

Did someone find the solution for this ( besides the service provider entity id, already check that) ??

Thanks in advance for your help

atout100204180

FWIW I ran across this same issue on 6.5 with a 500 error and it was not due to the entity id, here was my resolution:

make sure your SAML assertion url (assertionConsumerServiceURL) is beneath your path (path)
- so if your path is /content/somepage
- then your assertion url needs to be: https://yoursite.net/content/somepage/saml_login
- the IDP MUST also have this URL configured correctly.
Make sure your dispatcher is set up correctly, I needed the following
- /0031 { /method "POST" /url "*/saml_login" }
- /0032 { /type "allow" /url "*/saml_login" }
- /0033 { /type "allow" /path "/saml_login*" }
Make sure Sling Referrer Filter has the IDP listed
Make sure you have added your path to the Sling Authentication service if it is not already
- IE: +/content/somepage
Lastly, on my instance the "everyone" user did not have access to read "/" - enable this.