Highlighted

SamlAuthenticationHandler Unknown reason found: User name and password do not match

Avatar

Avatar

ignaciomancillanxt

Avatar

ignaciomancillanxt

ignaciomancillanxt

11-08-2020

Hi there, 

 

i'm trying to implement a new SAML configuration into our environment. Here you have the situation:

 

1. There are already 4 sites using SAML authentication working perfectly

2. They are using the same service (ADFS)

3. A new site needs to be securised and users need to login by using ADFS 

4. SAML configuration for 5 sites are using exactly the same cert (trustore), and key store set to the authentication-service. 

5. Node protected in new site has been modified to be granite:AuthenticationRequired

6. ADFS is showing ok by the saml Authentication Service and users are able to type their credentials

 

An error is shown in browser 

ignaciomancillanxt_0-1597166563701.png

 

Part of SAML response is the next one: 

 

<samlp:Response ID="_74b90e0f-c87e" Version="2.0" IssueInstant="2020-08-11T17:22:10.886Z" Destination="https://new.site.com/saml_login" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"> <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://adfs.service.com/adfs/services/trust</Issuer> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status>

 

Actually I can see AttributeStatements

 

Into AEM by coonfiguring the log level to debug using com.adobe.granite.auth.saml you'll find jus this log:

 

11.08.2020 17:22:07.241 *WARN* [qtp1102776891-15961] com.adobe.granite.auth.saml.SamlAuthenticationHandler Unknown reason found: User name and password do not match

 

Configuration in dispatcher is enabling POST to saml_login and all rules are similar prepared as the other 4 working sites. 

 

Do you have an idea on what could it be wrong? 

 

AEM 6.5.5

 

Regards.

 

adfs authentication authenticationhadler SAML SAML2.0