Expand my Community achievements bar.

SOLVED

saml_login is not modifiable

Avatar

Level 2

Hello! So this has been working for the longest time for me our SAML services had no issues. Recently my EC2 instance seems to have crashed or had a full reboot and now the SAML handler page is returning not modifiable. I have confirmed that the servlet is being resolved when I put the path in. I checked my Sling Referrer Filter and it has all the external resources and allows them. I'm kind of stuck now and just trying to roam around the configurations and site to see what might be the issue. Hoping that someone here could help! Cheers!

 

Kerryu1_0-1685737813742.png

Kerryu1_1-1685737995716.png

 

 

1 Accepted Solution

Avatar

Correct answer by
Level 2

Just wanted to provide an update just in case someone else might be having this issue. I traced the issue back to it possibly being a CSRF issue. Turning off the CSRF filter for post calls had fixed the problem and it works without issue now.

View solution in original post

13 Replies

Avatar

Level 2
02.06.2023 03:32:43.685 *WARN* [216.8.156.109 [1685676763683] POST /content/ghosti/en/saml_login HTTP/1.1] com.day.cq.wcm.core.impl.components.ComponentCacheImpl Requested Path /content/ghosti/en/saml_login.servlet is not in available search paths
02.06.2023 03:32:43.686 *ERROR* [216.8.156.109 [1685676763683] POST /content/ghosti/en/saml_login HTTP/1.1] org.apache.sling.servlets.post.impl.operations.ModifyOperation Exception during response processing.
javax.jcr.RepositoryException: org.apache.sling.api.resource.PersistenceException: Resource at '/content/ghosti/en/saml_login' is not modifiable.
	at org.apache.sling.servlets.post.impl.operations.ModifyOperation.doRun(ModifyOperation.java:113)
	at org.apache.sling.servlets.post.AbstractPostOperation.run(AbstractPostOperation.java:97)
	at org.apache.sling.servlets.post.impl.SlingPostServlet.doPost(SlingPostServlet.java:205)
	at org.apache.sling.api.servlets.SlingAllMethodsServlet.mayService(SlingAllMethodsServlet.java:149)
	at org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMethodsServlet.java:346)
	at org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMethodsServlet.java:378)
	at org.apache.sling.engine.impl.request.RequestData.service(RequestData.java:552)
	at org.apache.sling.engine.impl.filter.SlingComponentFilterChain.render(SlingComponentFilterChain.java:44)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:77)
	at com.day.cq.wcm.core.impl.WCMDebugFilter.doFilter(WCMDebugFilter.java:138)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.day.cq.wcm.core.impl.WCMComponentFilter.filterRootInclude(WCMComponentFilter.java:375)
	at com.day.cq.wcm.core.impl.WCMComponentFilter.doFilter(WCMComponentFilter.java:190)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.day.cq.wcm.core.impl.PageLockFilter.doFilter(PageLockFilter.java:91)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.day.cq.personalization.impl.TargetComponentFilter.doFilter(TargetComponentFilter.java:96)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at org.apache.sling.engine.impl.SlingRequestProcessorImpl.processComponent(SlingRequestProcessorImpl.java:282)
	at org.apache.sling.engine.impl.filter.RequestSlingFilterChain.render(RequestSlingFilterChain.java:49)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:71)
	at com.adobe.cq.social.ugcbase.security.impl.SaferSlingPostServlet.doFilter(SaferSlingPostServlet.java:126)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.day.cq.dam.core.impl.assetlinkshare.AdhocAssetShareAuthHandler.doFilter(AdhocAssetShareAuthHandler.java:437)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:73)
	at com.day.cq.dam.core.impl.servlet.ActivityRecordHandler.doFilter(ActivityRecordHandler.java:154)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.adobe.granite.rest.impl.servlet.ApiResourceFilter.doFilter(ApiResourceFilter.java:70)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.adobe.granite.requests.logging.impl.RequestLoggerImpl.doFilter(RequestLoggerImpl.java:126)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.adobe.granite.rest.assets.impl.AssetContentDispositionFilter.doFilter(AssetContentDispositionFilter.java:96)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.adobe.granite.csrf.impl.CSRFFilter.doFilter(CSRFFilter.java:217)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at org.apache.sling.security.impl.ContentDispositionFilter.doFilter(ContentDispositionFilter.java:180)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.day.cq.wcm.core.impl.AuthoringUIModeServiceImpl.doFilter(AuthoringUIModeServiceImpl.java:292)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.day.cq.wcm.mobile.core.impl.redirect.RedirectFilter.doFilter(RedirectFilter.java:248)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.community.grid.core.filters.LoggingFilter.doFilter(LoggingFilter.java:56)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter.doFilter(RequestProgressTrackerLogFilter.java:107)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.adobe.cq.social.commons.cors.CORSAuthenticationFilter.doFilter(CORSAuthenticationFilter.java:91)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.day.cq.wcm.foundation.forms.FormsHandlingServletHelper.handleFilter(FormsHandlingServletHelper.java:221)
	at com.day.cq.wcm.foundation.forms.impl.FormsHandlingServlet.doFilter(FormsHandlingServlet.java:138)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.adobe.granite.optout.impl.OptOutFilter.doFilter(OptOutFilter.java:76)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.day.cq.wcm.foundation.forms.FormsHandlingServletHelper.handleFilter(FormsHandlingServletHelper.java:221)
	at com.adobe.cq.wcm.core.components.internal.servlets.CoreFormHandlingServlet.doFilter(CoreFormHandlingServlet.java:131)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.day.cq.wcm.core.impl.WCMRequestFilter.doFilter(WCMRequestFilter.java:90)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.adobe.cq.mcm.campaign.servlets.CampaignCopyTracker.doFilter(CampaignCopyTracker.java:100)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at org.apache.sling.rewriter.impl.RewriterFilter.doFilter(RewriterFilter.java:83)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.adobe.granite.httpcache.impl.InnerCacheFilter.doFilter(InnerCacheFilter.java:81)
	at com.adobe.granite.httpcache.impl.InnerCacheFilter.doFilter(InnerCacheFilter.java:60)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at org.apache.sling.i18n.impl.I18NFilter.doFilter(I18NFilter.java:131)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:73)
	at com.adobe.granite.resourceresolverhelper.impl.ResourceResolverHelperImpl.doFilter(ResourceResolverHelperImpl.java:83)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at org.apache.sling.engine.impl.SlingRequestProcessorImpl.doProcessRequest(SlingRequestProcessorImpl.java:151)
	at org.apache.sling.engine.impl.SlingMainServlet.service(SlingMainServlet.java:219)
	at org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:85)
	at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:79)
	at com.adobe.granite.cors.impl.CORSHandler.doFilter(CORSHandler.java:118)
	at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
	at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
	at com.adobe.granite.license.impl.LicenseCheckFilter.doFilter(LicenseCheckFilter.java:308)
	at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
	at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
	at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:96)
	at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
	at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
	at org.apache.sling.security.impl.ReferrerFilter.doFilter(ReferrerFilter.java:295)
	at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
	at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
	at org.apache.sling.i18n.impl.I18NFilter.doFilter(I18NFilter.java:131)
	at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
	at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
	at org.apache.sling.featureflags.impl.FeatureManager.doFilter(FeatureManager.java:116)
	at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
	at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
	at org.apache.sling.engine.impl.log.RequestLoggerFilter.doFilter(RequestLoggerFilter.java:72)
	at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
	at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
	at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:127)
	at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:587)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
	at org.eclipse.jetty.server.Server.handle(Server.java:499)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:258)
	at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.sling.api.resource.PersistenceException: Resource at '/content/ghosti/en/saml_login' is not modifiable.
	at org.apache.sling.servlets.post.impl.helper.SlingPropertyValueHandler.setProperty(SlingPropertyValueHandler.java:152)
	at org.apache.sling.servlets.post.impl.operations.ModifyOperation.writeContent(ModifyOperation.java:411)
	at org.apache.sling.servlets.post.impl.operations.ModifyOperation.doRun(ModifyOperation.java:101)
	... 114 common frames omitted

Avatar

Community Advisor

Error code 500 suggests something is breaking at the AEM end.

Kindly, check AEM and dispatcher logs for errors.

Avatar

Level 2

Hi there! I've included the error found in the AEM error logs above. It seems like that's the only error showing up.

Avatar

Level 2

Still having this issue, trying to fix it but can't seem to figure it out. Tried many of the solutions out there, I know I fixed this before but I forgot to document it sadly and it's been over a year.

Avatar

Level 2

I've went into AEM Security to see if the group permissions had read setup to the content folder and it does, I'm not too sure where I should be assigning write permissions too because saml_login is not an actual path in the project since it's bound by the servlet. Although whenever I try to make any modifications to the permissions it gives me "unspecified error". I'll keep trying to mess around with it. 

Avatar

Community Advisor

Hi @Kerryu1, please go through accepted answer provided on thread [1] for better understanding what causes the issue and how you can start debugging. You should also view the request trace provided in SAML tracer.

Adding to it, SAML handler only handle POST calls on paths which are configured to handle, /saml_login is a suffix. Double check if you have configured /content/ghosti/en/ in SAML handler.

[1] Solved: Resource at '/saml_login' is not modifiable. - Adobe Experience League Community - 444760

Avatar

Level 2

I have checked in my SAML handler and it's setup, I never hanged any of my settings and it randomly stopped working after a server machine reboot. I will try to trace the SAML but I believe I've already tried let me try that again.

Avatar

Community Advisor

@Kerryu1 : Please check that as well , if you need to install any certificates at AEM level.

 

Thanks 

Siva

Thanks,
Siva

Avatar

Level 2

So I've made a discovery, I turned off the CSRF filter for post requests and now it's working. Has to be something related to CSRF.

Avatar

Correct answer by
Level 2

Just wanted to provide an update just in case someone else might be having this issue. I traced the issue back to it possibly being a CSRF issue. Turning off the CSRF filter for post calls had fixed the problem and it works without issue now.

Avatar

Level 2

hi @Kerryu1, I have also face this exact issue recently and in my case, it was the certificate alias which was mismatching i.e. the alias from Truststore console was different than the one configured in the SAML OSGI configuration.

 

Thanks for posting the question and answers.

Avatar

Level 1

In my case it turned out that the user group had insufficient permissions to the path that IDP redirected me to.

 

E.G. when IDP redirects you to /content/saml_login, check the /content permissions.

Logs did not say anything, so it's worth to check that too.