SOLVED

SAML Login: Invalid Token Error [PingID]

Community Advisor

We are in the process of integrating SAML login using SAML Handler for one of our websites. The login process works correctly at the SAML provider (PingID) end. However, once redirected to our AEM site, we encounter an "invalid token" error at this URL:
https://aem-community.com/libs/granite/core/content/login.error.html?j_reason=invalid_token.

Upon investigating the error logs, we came across the following error:
org.apache.sling.auth.core.impl.SlingAuthenticator doLogin: Cannot login: Response already committed

Can anyone guide us on how to resolve the issue?

1 Accepted Solution

Correct answer by
Community Advisor

Can you expand on what "the login process works correctly" means? Does it mean that you are logged in but it is just not redirecting to a valid page? Also, did you check these posts? https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/com-adobe-granite-auth-sam...

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/saml-aem-infinite-loop/td-...



Esteban Bustamante

2 Replies

Community Advisor

Hi @EstebanBustamante,

"The login process works correctly" means the SAML provider (PingID) responds with the SAML attributes as expected. The issue seems related to the certificate stored in the truststore. We may need to delete and re-upload the new idp_cert as recommended here: https://experienceleague.adobe.com/docs/experience-cloud-kcs/kbarticles/KA-17476.html.
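
Added example, not part of the original thread and not Adobe's or Ping's code: one way to test the truststore suspicion in the reply above is to compare the SHA-256 fingerprint of the certificate embedded in a captured SAMLResponse with the idp_cert PEM that was uploaded. All function names are hypothetical, and the sample "certificates" are constructed stand-in bytes, not real certificates.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

DS_NS = "{http://www.w3.org/2000/09/xmldsig#}"

def pem_to_der(pem):
    """Strip PEM armor and whitespace, return the raw DER bytes."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s+", "", pem)
    return base64.b64decode(body)

def response_cert_fingerprints(saml_response_b64):
    """SHA-256 fingerprints of every ds:X509Certificate in a SAMLResponse
    (the base64 form value posted by the IdP under the HTTP-POST binding)."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    return [hashlib.sha256(base64.b64decode("".join(el.text.split()))).hexdigest()
            for el in root.iter(DS_NS + "X509Certificate") if el.text]

def compare_idp_cert(saml_response_b64, uploaded_pem):
    """Diagnostic only: compares certificates, does not verify the signature."""
    expected = hashlib.sha256(pem_to_der(uploaded_pem)).hexdigest()
    found = response_cert_fingerprints(saml_response_b64)
    if not found:
        return "no-embedded-cert"  # no KeyInfo sent; compare with IdP metadata instead
    return "match" if expected in found else "mismatch"

# --- constructed sample data: stand-in bytes, not real certificates ---
def make_pem(der):
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
            + "-----END CERTIFICATE-----\n")

def make_response(der):
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature><ds:KeyInfo>'
           '<ds:X509Data><ds:X509Certificate>' + base64.b64encode(der).decode()
           + '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>'
           '</samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

CURRENT_DER = b"constructed-idp-signing-cert-current"
STALE_DER = b"constructed-idp-signing-cert-stale"

if __name__ == "__main__":
    resp = make_response(CURRENT_DER)
    print("truststore has current cert:", compare_idp_cert(resp, make_pem(CURRENT_DER)))
    print("truststore has stale cert:  ", compare_idp_cert(resp, make_pem(STALE_DER)))
```

A "mismatch" result means the uploaded certificate is not the one the IdP is presenting, which is consistent with needing to re-upload idp_cert.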