
SamlAuthenticationHandler Unknown reason found: User name and password do not match



Hi there, 


I'm trying to implement a new SAML configuration in our environment. Here is the situation:


1. There are already 4 sites using SAML authentication working perfectly

2. They are using the same service (ADFS)

3. A new site needs to be secured and users need to log in using ADFS

4. The SAML configurations for the 5 sites use exactly the same cert (truststore), and the key store is set on the authentication-service.

5. Node protected in new site has been modified to be granite:AuthenticationRequired

6. ADFS is showing ok by the saml Authentication Service and users are able to type their credentials


An error is shown in browser 



Part of the SAML response is the following:


<samlp:Response ID="_74b90e0f-c87e" Version="2.0"
    IssueInstant="2020-08-11T17:22:10.886Z"
    Destination="https://new.site.com/saml_login"
    Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://adfs.service.com/adfs/services/trust</Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
  </samlp:Status>


Actually I can see AttributeStatements


In AEM, by configuring the log level to debug for com.adobe.granite.auth.saml, you'll find just this log:


11.08.2020 17:22:07.241 *WARN* [qtp1102776891-15961] com.adobe.granite.auth.saml.SamlAuthenticationHandler Unknown reason found: User name and password do not match


The dispatcher configuration allows POST to saml_login, and all rules are set up similarly to the other 4 working sites.


Do you have any idea what could be wrong?


AEM 6.5.5




0 Replies
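
An added example, not part of the original post and not AEM's own code: a Success status only says the IdP authenticated the user, so this offline check lists the standard SAML 2.0 fields a service provider can still reject (Destination, NameID, Audience, validity window) for a captured, base64-encoded SAMLResponse. The function names, the SP entity ID, and the Assertion inside the sample are assumptions made for illustration; only the Destination and Issuer values come from the post.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

def parse_ts(value):
    """Parse a SAML UTC xs:dateTime such as 2020-08-11T17:22:10.886Z."""
    value = value.rstrip("Z")
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in value else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def check_response(response_b64, acs_url, sp_entity_id, now):
    """List reasons an SP could reject a Success response. No signature check."""
    root = ET.fromstring(base64.b64decode(response_b64))
    findings = []
    if root.get("Destination") != acs_url:
        findings.append("Destination is not this SP's ACS URL")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        enc = root.find("a:EncryptedAssertion", NS) is not None
        return findings + ["assertion is encrypted; decrypt before inspecting"
                           if enc else "no Assertion element"]
    name_id = assertion.findtext("a:Subject/a:NameID", namespaces=NS)
    if not (name_id or "").strip():
        findings.append("Subject has no NameID")
    cond = assertion.find("a:Conditions", NS)
    if cond is not None:
        audiences = [a.text for a in cond.findall("a:AudienceRestriction/a:Audience", NS)]
        if audiences and sp_entity_id not in audiences:
            findings.append(f"Audience {audiences} does not include {sp_entity_id}")
        if cond.get("NotBefore") and now < parse_ts(cond.get("NotBefore")):
            findings.append("SP clock is before NotBefore")
        if cond.get("NotOnOrAfter") and now >= parse_ts(cond.get("NotOnOrAfter")):
            findings.append("assertion expired (NotOnOrAfter)")
    return findings

# Constructed sample: Destination and Issuer come from the post; the Assertion,
# its Audience, NameID and validity window are invented for illustration.
SAMPLE = base64.b64encode(b"""<samlp:Response ID="_x" Version="2.0"
 Destination="https://new.site.com/saml_login"
 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
 <Issuer>http://adfs.service.com/adfs/services/trust</Issuer>
 <Assertion><Subject><NameID>jdoe</NameID></Subject>
  <Conditions NotBefore="2020-08-11T17:22:10.886Z" NotOnOrAfter="2020-08-11T18:22:10.886Z">
   <AudienceRestriction><Audience>https://old.site.com</Audience></AudienceRestriction>
  </Conditions></Assertion></samlp:Response>""").decode()
```

Call `check_response(SAMPLE, "https://new.site.com/saml_login", "https://new.site.com", parse_ts("2020-08-11T17:22:07.241Z"))` to see the findings for the constructed sample; running the same check on a response captured from a working site and from the failing one shows which field differs.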