AEM 6.1 - issue with SAML configuration

Level 2

Hi Folks,

We have upgraded from AEM 5.6.1 to AEM 6.1. We have been using SAML since AEM 5.6.1, and after the upgrade we are trying to configure the existing SAML. We are getting the error below in our local environment; PFA screenshot of the SAML configuration.

Below is the error we are getting:

HTTP ERROR: 500
Problem accessing /saml_login. Reason:
org.w3c.dom.DOMException: NOT_FOUND_ERR: An attempt is made to reference a node in a context where it does not exist.

We need your valuable inputs over here.

7 Replies

Level 9

Satya,

It seems to me that your custom SAML OSGi config node, where all the data persists, has changed.

--

Jitendra

Level 2

In CQ 5.6.1 we created a custom SAML handler by extending the default SAML handler, but in AEM 6.1 the default SAML handler is not exposed, so we are using the default SAML handler.

So we have created a default configuration for the new default handler.

Level 10

The default SAML handler is built on AuthenticationHandler, so you can write your own SAML handler using AuthenticationHandler!

Level 2

We have followed the steps mentioned in the blog to set up SAML with AEM (http://www.aemstuff.com/blogs/july/saml.html).

My SAML string is being generated, but when it reaches CQ I am getting this exception:

29.12.2015 12:16:04.963 *WARN* [qtp1974217981-220] org.eclipse.jetty.servlet.ServletHandler /saml_login
org.w3c.dom.DOMException: NOT_FOUND_ERR: An attempt is made to reference a node in a context where it does not exist.
    at com.sun.org.apache.xerces.internal.dom.ElementImpl.setIdAttribute(ElementImpl.java:975)
    at com.adobe.granite.auth.saml.util.SamlReader.parse(SamlReader.java:142)
    at com.adobe.granite.auth.saml.util.SamlReader.read(SamlReader.java:111)
    at com.adobe.granite.auth.saml.binding.PostBinding.receive(PostBinding.java:91)
    at com.adobe.granite.auth.saml.SamlAuthenticationHandler.handleLogin(SamlAuthenticationHandler.java:589)
    at com.adobe.granite.auth.saml.SamlAuthenticationHandler.extractCredentials(SamlAuthenticationHandler.java:348)
    at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doExtractCredentials(AuthenticationHandlerHolder.java:75)
    at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.extractCredentials(AbstractAuthenticationHandlerHolder.java:60)
    at org.apache.sling.auth.core.impl.SlingAuthenticator.getAuthenticationInfo(SlingAuthenticator.java:709)
    at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:461)
    at org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:446)
    at org.apache.sling.engine.impl.SlingHttpContext.handleSecurity(SlingHttpContext.java:121)
    at org.apache.felix.http.base.internal.context.ServletContextImpl.handleSecurity(ServletContextImpl.java:339)
    at org.apache.felix.http.base.internal.handler.ServletHandler.doHandle(ServletHandler.java:334)
    at org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:297)
    at org.apache.felix.http.base.internal.dispatch.ServletPipeline.handle(ServletPipeline.java:93)
    at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:50)
    at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:31)
    at org.apache.sling.i18n.impl.I18NFilter.doFilter(I18NFilter.java:129)
    at org.apache.felix.http.base.internal.handler.FilterHandler.doHandle(FilterHandler.java:108)
    at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:80)
    at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:46)
    at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:31)
    at com.adobe.granite.license.impl.LicenseCheckFilter.doFilter(LicenseCheckFilter.java:308)
    at org.apache.felix.http.base.internal.handler.FilterHandler.doHandle(FilterHandler.java:108)
    at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:80)
    at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:46)
    at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:31)
    at org.apache.sling.security.impl.ReferrerFilter.doFilter(ReferrerFilter.java:290)
    at org.apache.felix.http.base.internal.handler.FilterHandler.doHandle(FilterHandler.java:108)
    at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:80)
    at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:46)
    at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:31)
    at com.shell.b2b.cq.uam.authhandler.AuthenticationFilter.doFilter(AuthenticationFilter.java:77)
    at org.apache.felix.http.base.internal.handler.FilterHandler.doHandle(FilterHandler.java:108)
    at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:80)
    at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:46)
    at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:31)
    at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:89)
    at org.apache.felix.http.base.internal.handler.FilterHandler.doHandle(FilterHandler.java:108)
    at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:80)
    at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:46)
    at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:31)
    at org.apache.sling.featureflags.impl.FeatureManager.doFilter(FeatureManager.java:115)
    at org.apache.felix.http.base.internal.handler.FilterHandler.doHandle(FilterHandler.java:108)
    at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:80)
    at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:46)
    at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:31)
    at org.apache.sling.engine.impl.log.RequestLoggerFilter.doFilter(RequestLoggerFilter.java:75)
    at org.apache.felix.http.base.internal.handler.FilterHandler.doHandle(FilterHandler.java:108)
    at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:80)
    at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:46)
    at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:31)
    at org.apache.felix.http.base.internal.dispatch.FilterPipeline.dispatch(FilterPipeline.java:76)
    at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:49)
    at org.apache.felix.http.base.internal.DispatcherServlet.service(DispatcherServlet.java:67)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:808)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:587)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
    at org.eclipse.jetty.server.Server.handle(Server.java:497)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
    at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
    at java.lang.Thread.run(Thread.java:745)

It is stuck in SamlAuthenticationHandler. Please let us know if any of you have seen this issue, or share your inputs to resolve it.

Level 3

This error suggests an issue with the SAML token coming in from your IdP. In your config screenshot, you're configuring this handler to intercept requests made only to /saml_login and the paths below it. Is that intended? Generally this path is used to register with the IdP.
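
Added example, not part of the thread and not Adobe's code: the trace above fails in `ElementImpl.setIdAttribute`, which the DOM API defines to throw `NOT_FOUND_ERR` when the named attribute is not present on the element. The sketch below decodes a captured `SAMLResponse` form value and reports which SAML 2.0 elements lack that attribute; the attribute name `ID`, the class name `SamlIdCheck` and the sample document are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SamlIdCheck {
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";

    /** Lists the SAML 2.0 elements in a base64 SAMLResponse that cannot be given an ID attribute. */
    static List<String> idProblems(String base64Response) throws Exception {
        byte[] xml = Base64.getMimeDecoder().decode(base64Response);
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The response is untrusted input: refuse DOCTYPE declarations (blocks XXE).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
        List<String> problems = new ArrayList<>();
        String[][] targets = {{SAMLP, "Response"}, {SAML, "Assertion"}};
        for (String[] t : targets) {
            NodeList nodes = doc.getElementsByTagNameNS(t[0], t[1]);
            if (nodes.getLength() == 0) problems.add(t[1] + ": no SAML 2.0 element found");
            for (int i = 0; i < nodes.getLength(); i++) {
                try {
                    // Assumption: the handler marks "ID"; the DOM throws if it is absent.
                    ((Element) nodes.item(i)).setIdAttribute("ID", true);
                } catch (DOMException e) {
                    if (e.code != DOMException.NOT_FOUND_ERR) throw e;
                    problems.add(t[1] + ": ID attribute missing (NOT_FOUND_ERR)");
                }
            }
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the Response carries an ID, the Assertion does not.
        String xml = "<samlp:Response xmlns:samlp='" + SAMLP + "' xmlns:saml='" + SAML
                + "' ID='_r1'><saml:Assertion><saml:Issuer>idp.example</saml:Issuer>"
                + "</saml:Assertion></samlp:Response>";
        String b64 = Base64.getEncoder().encodeToString(xml.getBytes("UTF-8"));
        idProblems(b64).forEach(System.out::println);
    }
}
```

A "no SAML 2.0 element found" result points at a response in a different namespace or version, or an assertion that is wrapped (for example encrypted), rather than at a missing attribute.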

Administrator

Hi

Supporting what Lokesh said.

Please refer to the community article: http://www.aemstuff.com/blogs/july/saml.html

Documentation: https://docs.adobe.com/docs/en/aem/6-1/administer/security/saml-2-0-authenticationhandler.html

I hope this would help you.

Thanks and Regards

Kautuk Sahni



Level 4

Your issue is probably solved by now. I recently had a SAML issue with very similar symptoms. However, our path was "/" and not "/saml_login". Our issue turned out to be a missing Referrer configuration. The IdP needs to be added as a referrer here:

http://localhost:4502/system/console/configMgr/org.apache.sling.security.impl.ReferrerFilter