This conversation has been locked due to inactivity. Please create a new post.
Get ready! An upgraded Experience League Community experience is coming in January.
SOLVED
SAML Login: Invalid Token Error [PingID]
We are in the process of integrating SAML login using SAML Handler for one of our websites. The login process works correctly at the SAML provider (PingID) end. However, once redirection to our AEM site, we encounter an "invalid token" error at this URL:
https://aem-community.com/libs/granite/core/content/login.error.html?j_reason=invalid_token.
Upon investigating the error logs, we came across the following error:
org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed
Can anyone guide us how to resolve the issue?
Mahedi Sabuj
1 Accepted Solution
Correct answer by
Can you expand on what it means "the login process works correctly", does it mean that you are logged in but it is just not redirecting to a valid page? Also, did you check these posts? https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/com-adobe-granite-auth-sam...
Esteban Bustamante
Correct answer by
Can you expand on what it means "the login process works correctly", does it mean that you are logged in but it is just not redirecting to a valid page? Also, did you check these posts? https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/com-adobe-granite-auth-sam...
Esteban Bustamante
"The login process works correctly" means SAML provider (PingID) response SAML attributes as expected. Issue seems related to the certificate stored in the truststore. We may need to delete and re-upload the new idp_cert as recommended here https://experienceleague.adobe.com/docs/experience-cloud-kcs/kbarticles/KA-17476.html.
Mahedi Sabuj
Related Conversations
