Level 2

Solved

saml_login is not modifiable

Forum|Forum|2 years ago
June 2, 2023
6 replies
3019 views

Hello! So this has been working for the longest time for me our SAML services had no issues. Recently my EC2 instance seems to have crashed or had a full reboot and now the SAML handler page is returning not modifiable. I have confirmed that the servlet is being resolved when I put the path in. I checked my Sling Referrer Filter and it has all the external resources and allows them. I'm kind of stuck now and just trying to roam around the configurations and site to see what might be the issue. Hoping that someone here could help! Cheers!

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by Kerryu1

Just wanted to provide an update just in case someone else might be having this issue. I traced the issue back to it possibly being a CSRF issue. Turning off the CSRF filter for post calls had fixed the problem and it works without issue now.

K

Kerryu1Author

Level 2

02.06.2023 03:32:43.685 *WARN* [216.8.156.109 [1685676763683] POST /content/ghosti/en/saml_login HTTP/1.1] com.day.cq.wcm.core.impl.components.ComponentCacheImpl Requested Path /content/ghosti/en/saml_login.servlet is not in available search paths
02.06.2023 03:32:43.686 *ERROR* [216.8.156.109 [1685676763683] POST /content/ghosti/en/saml_login HTTP/1.1] org.apache.sling.servlets.post.impl.operations.ModifyOperation Exception during response processing.
javax.jcr.RepositoryException: org.apache.sling.api.resource.PersistenceException: Resource at '/content/ghosti/en/saml_login' is not modifiable.
	at org.apache.sling.servlets.post.impl.operations.ModifyOperation.doRun(ModifyOperation.java:113)
	at org.apache.sling.servlets.post.AbstractPostOperation.run(AbstractPostOperation.java:97)
	at org.apache.sling.servlets.post.impl.SlingPostServlet.doPost(SlingPostServlet.java:205)
	at org.apache.sling.api.servlets.SlingAllMethodsServlet.mayService(SlingAllMethodsServlet.java:149)
	at org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMethodsServlet.java:346)
	at org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMethodsServlet.java:378)
	at org.apache.sling.engine.impl.request.RequestData.service(RequestData.java:552)
	at org.apache.sling.engine.impl.filter.SlingComponentFilterChain.render(SlingComponentFilterChain.java:44)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:77)
	at com.day.cq.wcm.core.impl.WCMDebugFilter.doFilter(WCMDebugFilter.java:138)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.day.cq.wcm.core.impl.WCMComponentFilter.filterRootInclude(WCMComponentFilter.java:375)
	at com.day.cq.wcm.core.impl.WCMComponentFilter.doFilter(WCMComponentFilter.java:190)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.day.cq.wcm.core.impl.PageLockFilter.doFilter(PageLockFilter.java:91)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.day.cq.personalization.impl.TargetComponentFilter.doFilter(TargetComponentFilter.java:96)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at org.apache.sling.engine.impl.SlingRequestProcessorImpl.processComponent(SlingRequestProcessorImpl.java:282)
	at org.apache.sling.engine.impl.filter.RequestSlingFilterChain.render(RequestSlingFilterChain.java:49)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:71)
	at com.adobe.cq.social.ugcbase.security.impl.SaferSlingPostServlet.doFilter(SaferSlingPostServlet.java:126)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.day.cq.dam.core.impl.assetlinkshare.AdhocAssetShareAuthHandler.doFilter(AdhocAssetShareAuthHandler.java:437)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:73)
	at com.day.cq.dam.core.impl.servlet.ActivityRecordHandler.doFilter(ActivityRecordHandler.java:154)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.adobe.granite.rest.impl.servlet.ApiResourceFilter.doFilter(ApiResourceFilter.java:70)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.adobe.granite.requests.logging.impl.RequestLoggerImpl.doFilter(RequestLoggerImpl.java:126)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.adobe.granite.rest.assets.impl.AssetContentDispositionFilter.doFilter(AssetContentDispositionFilter.java:96)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.adobe.granite.csrf.impl.CSRFFilter.doFilter(CSRFFilter.java:217)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at org.apache.sling.security.impl.ContentDispositionFilter.doFilter(ContentDispositionFilter.java:180)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.day.cq.wcm.core.impl.AuthoringUIModeServiceImpl.doFilter(AuthoringUIModeServiceImpl.java:292)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.day.cq.wcm.mobile.core.impl.redirect.RedirectFilter.doFilter(RedirectFilter.java:248)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.community.grid.core.filters.LoggingFilter.doFilter(LoggingFilter.java:56)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter.doFilter(RequestProgressTrackerLogFilter.java:107)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.adobe.cq.social.commons.cors.CORSAuthenticationFilter.doFilter(CORSAuthenticationFilter.java:91)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.day.cq.wcm.foundation.forms.FormsHandlingServletHelper.handleFilter(FormsHandlingServletHelper.java:221)
	at com.day.cq.wcm.foundation.forms.impl.FormsHandlingServlet.doFilter(FormsHandlingServlet.java:138)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.adobe.granite.optout.impl.OptOutFilter.doFilter(OptOutFilter.java:76)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.day.cq.wcm.foundation.forms.FormsHandlingServletHelper.handleFilter(FormsHandlingServletHelper.java:221)
	at com.adobe.cq.wcm.core.components.internal.servlets.CoreFormHandlingServlet.doFilter(CoreFormHandlingServlet.java:131)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.day.cq.wcm.core.impl.WCMRequestFilter.doFilter(WCMRequestFilter.java:90)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.adobe.cq.mcm.campaign.servlets.CampaignCopyTracker.doFilter(CampaignCopyTracker.java:100)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at org.apache.sling.rewriter.impl.RewriterFilter.doFilter(RewriterFilter.java:83)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at com.adobe.granite.httpcache.impl.InnerCacheFilter.doFilter(InnerCacheFilter.java:81)
	at com.adobe.granite.httpcache.impl.InnerCacheFilter.doFilter(InnerCacheFilter.java:60)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at org.apache.sling.i18n.impl.I18NFilter.doFilter(I18NFilter.java:131)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:73)
	at com.adobe.granite.resourceresolverhelper.impl.ResourceResolverHelperImpl.doFilter(ResourceResolverHelperImpl.java:83)
	at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
	at org.apache.sling.engine.impl.SlingRequestProcessorImpl.doProcessRequest(SlingRequestProcessorImpl.java:151)
	at org.apache.sling.engine.impl.SlingMainServlet.service(SlingMainServlet.java:219)
	at org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:85)
	at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:79)
	at com.adobe.granite.cors.impl.CORSHandler.doFilter(CORSHandler.java:118)
	at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
	at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
	at com.adobe.granite.license.impl.LicenseCheckFilter.doFilter(LicenseCheckFilter.java:308)
	at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
	at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
	at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:96)
	at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
	at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
	at org.apache.sling.security.impl.ReferrerFilter.doFilter(ReferrerFilter.java:295)
	at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
	at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
	at org.apache.sling.i18n.impl.I18NFilter.doFilter(I18NFilter.java:131)
	at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
	at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
	at org.apache.sling.featureflags.impl.FeatureManager.doFilter(FeatureManager.java:116)
	at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
	at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
	at org.apache.sling.engine.impl.log.RequestLoggerFilter.doFilter(RequestLoggerFilter.java:72)
	at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
	at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
	at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:127)
	at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:587)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
	at org.eclipse.jetty.server.Server.handle(Server.java:499)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:258)
	at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.sling.api.resource.PersistenceException: Resource at '/content/ghosti/en/saml_login' is not modifiable.
	at org.apache.sling.servlets.post.impl.helper.SlingPropertyValueHandler.setProperty(SlingPropertyValueHandler.java:152)
	at org.apache.sling.servlets.post.impl.operations.ModifyOperation.writeContent(ModifyOperation.java:411)
	at org.apache.sling.servlets.post.impl.operations.ModifyOperation.doRun(ModifyOperation.java:101)
	... 114 common frames omitted

rawvarun

Community Advisor

Error code 500 suggests something is breaking at the AEM end.

Kindly, check AEM and dispatcher logs for errors.

K

Kerryu1Author

Level 2

Hi there! I've included the error found in the AEM error logs above. It seems like that's the only error showing up.

K

Kerryu1Author

Level 2

Still having this issue, trying to fix it but can't seem to figure it out. Tried many of the solutions out there, I know I fixed this before but I forgot to document it sadly and it's been over a year.

krishna_garikapati

Level 3

Were permissions to references look good?

K

Kerryu1Author

Level 2

I've went into AEM Security to see if the group permissions had read setup to the content folder and it does, I'm not too sure where I should be assigning write permissions too because saml_login is not an actual path in the project since it's bound by the servlet. Although whenever I try to make any modifications to the permissions it gives me "unspecified error". I'll keep trying to mess around with it.

K

Kerryu1AuthorAccepted solution

Level 2

Just wanted to provide an update just in case someone else might be having this issue. I traced the issue back to it possibly being a CSRF issue. Turning off the CSRF filter for post calls had fixed the problem and it works without issue now.

P

prsn1034

Level 2

hi @kerryu1, I have also face this exact issue recently and in my case, it was the certificate alias which was mismatching i.e. the alias from Truststore console was different than the one configured in the SAML OSGI configuration.

Thanks for posting the question and answers.

M

MateuszPi

In my case it turned out that the user group had insufficient permissions to the path that IDP redirected me to.

E.G. when IDP redirects you to /content/saml_login, check the /content permissions.

Logs did not say anything, so it's worth to check that too.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded