I'm trying to implement a new SAML configuration in our environment. Here is the situation:
1. There are already 4 sites using SAML authentication working perfectly
2. They are using the same service (ADFS)
3. A new site needs to be secured and users need to log in using ADFS
4. The SAML configuration for the 5 sites uses exactly the same cert (truststore), and key store set to the authentication-service.
5. Node protected in new site has been modified to be granite:AuthenticationRequired
6. ADFS is shown OK by the SAML Authentication Service and users are able to type their credentials
An error is shown in the browser.
Part of the SAML response is the following:
<samlp:Response ID="_74b90e0f-c87e" Version="2.0" IssueInstant="2020-08-11T17:22:10.886Z" Destination="https://new.site.com/saml_login" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"> <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://adfs.service.com/adfs/services/trust</Issuer> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status>
Actually I can see the AttributeStatements.
In AEM, by configuring the log level to debug for com.adobe.granite.auth.saml, you'll find just this log:
11.08.2020 17:22:07.241 *WARN* [qtp1102776891-15961] com.adobe.granite.auth.saml.SamlAuthenticationHandler Unknown reason found: User name and password do not match
Configuration in the dispatcher enables POST to saml_login and all rules are prepared similarly to the other 4 working sites.
Do you have an idea of what could be wrong?
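When a response like the one above shows a Success status but the SP still rejects the login, the usual next step is to compare the fields the SP matches against its own configuration (Destination vs. the site's ACS URL, Issuer vs. the configured IdP entity ID, Audience vs. the SP entity ID, presence of a NameID and of a signature) with what the four working sites receive. The script below is an added example, not code from the original post or from AEM, and it does not claim to identify the cause of the error in the question; it parses a constructed SAML response modelled on the fragment above (the assertion, subject, conditions and attribute values are invented) and reports each comparison. The expected ACS URL, issuer and audience are parameters the reader supplies from the site's configuration; XML signature verification is deliberately out of scope.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample response, modelled on the fragment in the question.
# The assertion contents (NameID, conditions, attributes, signature) are invented.
SAMPLE_RESPONSE = """<samlp:Response ID="_74b90e0f-c87e" Version="2.0"
    IssueInstant="2020-08-11T17:22:10.886Z" Destination="https://new.site.com/saml_login"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Issuer>http://adfs.service.com/adfs/services/trust</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2020-08-11T17:22:10.886Z">
    <saml:Issuer>http://adfs.service.com/adfs/services/trust</saml:Issuer>
    <ds:Signature><ds:SignedInfo/><ds:SignatureValue>ZmFrZQ==</ds:SignatureValue></ds:Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2020-08-11T17:17:10.886Z" NotOnOrAfter="2020-08-11T18:22:10.886Z">
      <saml:AudienceRestriction><saml:Audience>https://new.site.com/</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"


def check_response(xml_text, expected_acs, expected_issuer, expected_audience):
    """Compare the SP-relevant fields of a SAML Response with the values the SP is
    configured with. Returns {check_name: (ok, detail)} plus an "all_ok" flag.
    Signature *presence* is checked; signature *validity* is not."""
    root = ET.fromstring(xml_text)
    checks = {}

    # Destination must be the exact ACS URL (scheme, host and path all matter).
    dest = root.get("Destination", "")
    checks["destination"] = (dest == expected_acs, dest)

    # Issuer must equal the IdP entity ID the SP trusts.
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    checks["issuer"] = (issuer == expected_issuer, issuer)

    # Top-level status code.
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    code = status.get("Value", "") if status is not None else ""
    checks["status"] = (code == SUCCESS, code)

    # A plaintext Assertion must be present (an EncryptedAssertion needs the SP's key first).
    assertion = root.find("saml:Assertion", NS)
    encrypted = root.find("saml:EncryptedAssertion", NS) is not None
    checks["assertion_plain"] = (assertion is not None, "encrypted" if encrypted else "present" if assertion is not None else "missing")
    if assertion is None:
        checks["all_ok"] = False
        return checks

    # Either the Response or the Assertion should carry an XML signature.
    signed = root.find("ds:Signature", NS) is not None or assertion.find("ds:Signature", NS) is not None
    checks["signature_present"] = (signed, "signed" if signed else "unsigned")

    # NameID is what most SPs map to the local user name.
    nameid = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    checks["nameid"] = (bool(nameid), nameid)

    # Audience must include the SP entity ID.
    audiences = [a.text.strip() for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if a.text]
    checks["audience"] = (expected_audience in audiences, audiences)

    # Attribute names, for comparison with the working sites' claim rules.
    attrs = [a.get("Name") for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)]
    checks["attributes"] = (len(attrs) > 0, attrs)

    checks["all_ok"] = all(ok for ok, _ in checks.values())
    return checks


if __name__ == "__main__":
    result = check_response(SAMPLE_RESPONSE, "https://new.site.com/saml_login",
                            "http://adfs.service.com/adfs/services/trust", "https://new.site.com/")
    for name, value in result.items():
        print(f"{name:18} {value}")
```

Run it once against the response captured from the new site and once against a response captured from one of the four working sites, with each site's own ACS URL and entity ID, and diff the two outputs; a mismatch in Destination, Audience or the NameID format is visible immediately, whereas a signature or certificate problem would only show up once signature verification is added.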