SOLVED
SAML Login: Invalid Token Error [PingID]
We are in the process of integrating SAML login using SAML Handler for one of our websites. The login process works correctly at the SAML provider (PingID) end. However, once redirection to our AEM site, we encounter an "invalid token" error at this URL:
https://aem-community.com/libs/granite/core/content/login.error.html?j_reason=invalid_token.
Upon investigating the error logs, we came across the following error:
org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed
Can anyone guide us how to resolve the issue?
1 Accepted Solution
Correct answer by
Can you expand on what it means "the login process works correctly", does it mean that you are logged in but it is just not redirecting to a valid page? Also, did you check these posts? https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/com-adobe-granite-auth-sam...
Esteban Bustamante
Correct answer by
Can you expand on what it means "the login process works correctly", does it mean that you are logged in but it is just not redirecting to a valid page? Also, did you check these posts? https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/com-adobe-granite-auth-sam...
Esteban Bustamante
"The login process works correctly" means SAML provider (PingID) response SAML attributes as expected. Issue seems related to the certificate stored in the truststore. We may need to delete and re-upload the new idp_cert as recommended here https://experienceleague.adobe.com/docs/experience-cloud-kcs/kbarticles/KA-17476.html.
