Appian SAML Authentication Method

Hello,

I am establishing an Appian SAML SSO integration with an external IDP. We have completed the whole configuration. The challenge we are facing is setting up the Authentication Method.

The external IDP supports AALs as authentication methods; AALs are new methods introduced to replace LOAs. However, in Appian, AALs are not implemented.

Did anyone face the same issue? Let me know if there is any solution.

  • Hey Sushil,

    Did you get any particular error when testing the SAML configuration in Appian?
    We do not specifically need to set any authentication method in the Appian SAML configuration, so can you describe what part of the SAML configuration you are stuck at?

    Thanks, 
    Nishant 

  • Yes, we got a 401 unauthorized access in the SP. When I checked the IDP side, it showed the error below:

    "ERROR: AuthnContextClassRef ac must be supplied - before send response"

    I tried with NONE, unspecified and LOA, no success.

  • Did you get the 401 error when you tried clicking the 'Test Connection' button? Can you attach a screenshot of what you are seeing?

  • Yes, please find the attached screenshot.

    2020-04-19 06:54:09,333 [ajp-nio-8009-exec-3983] ERROR com.appiancorp.security.auth.saml.SamlTestServlet - Unexpected exception during SAML authentication test: Index: 0
    java.lang.IndexOutOfBoundsException: Index: 0
    	at java.util.Collections$EmptyList.get(Collections.java:4456)
    	at net.shibboleth.utilities.java.support.collection.LazyList.get(LazyList.java:90)
    	at org.opensaml.core.xml.util.ListView.get(IndexedXMLObjectChildrenList.java:320)
    	at org.opensaml.core.xml.util.ListView.get(IndexedXMLObjectChildrenList.java:237)
    	at com.appiancorp.security.auth.saml.IdentityProviderManager.getName(IdentityProviderManager.java:177)
    	at com.appiancorp.security.auth.saml.IdentityProviderManager.createSamlAuthenticationToken(IdentityProviderManager.java:157)
    	at com.appiancorp.security.auth.saml.SamlTestServlet.processTestResponse(SamlTestServlet.java:130)
    	at com.appiancorp.security.auth.saml.SamlTestServlet.handlePost(SamlTestServlet.java:120)
    	at com.appiancorp.security.auth.saml.SamlTestServlet.handleRequest(SamlTestServlet.java:82)
    	at com.appiancorp.security.auth.saml.SamlTestServlet.service(SamlTestServlet.java:64)

  • It's an IDP requirement that the Authentication context is required to define SAML requests.

  • Hey Sushil,

    It looks like this would warrant a bit more research into where the authentication is breaking. Can you get in touch with one of the Support Contacts for your organization and open an Appian support case?

    Thanks!!
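
Added example (not part of the original thread, and not Appian or IdP code): a small Python check that can be run over a decoded AuthnRequest and the returned Response to see the two symptoms reported above, a request with no `AuthnContextClassRef` and a response with nothing for the SP to read a name from. The XML samples, the `urn:example:aal:2` class reference and the NoAuthnContext status are constructed placeholders; which list was empty in `IdentityProviderManager.getName` is not visible in the trace, so the Assertion and NameID checks are an assumption.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
XMLNS = ('xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
         'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"')

# Constructed samples for offline use; not captured from the systems in the thread.
# For XML from an untrusted party, parse with a hardened parser instead.
AUTHN_REQUEST_NO_CONTEXT = f"""<samlp:AuthnRequest {XMLNS} ID="_req1" Version="2.0">
  <saml:Issuer>https://sp.example.test</saml:Issuer>
</samlp:AuthnRequest>"""

AUTHN_REQUEST_WITH_CONTEXT = f"""<samlp:AuthnRequest {XMLNS} ID="_req2" Version="2.0">
  <saml:Issuer>https://sp.example.test</saml:Issuer>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>urn:example:aal:2</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""

ERROR_RESPONSE = f"""<samlp:Response {XMLNS} ID="_resp1" Version="2.0" InResponseTo="_req1">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext"/>
    </samlp:StatusCode>
  </samlp:Status>
</samlp:Response>"""


def requested_class_refs(authn_request_xml):
    """Return the AuthnContextClassRef values the SP put in its AuthnRequest."""
    root = ET.fromstring(authn_request_xml)
    refs = root.findall("samlp:RequestedAuthnContext/saml:AuthnContextClassRef", NS)
    return [r.text.strip() for r in refs if r.text and r.text.strip()]


def inspect_response(response_xml):
    """Summarise status codes and the elements an SP needs before indexing into them."""
    root = ET.fromstring(response_xml)
    # Document order: top-level StatusCode first, nested sub-status after it.
    codes = [c.get("Value") for c in root.iterfind(".//samlp:StatusCode", NS)]
    assertions = root.findall("saml:Assertion", NS)
    name_ids = root.findall("saml:Assertion/saml:Subject/saml:NameID", NS)
    problems = []
    if not codes or codes[0] != STATUS_SUCCESS:
        problems.append("status not Success: " + " / ".join(codes or ["<missing>"]))
    if not assertions:
        problems.append("no Assertion element")
    elif not name_ids:
        problems.append("Assertion has no Subject/NameID")
    return {"status": codes, "assertions": len(assertions),
            "name_ids": len(name_ids), "problems": problems}


if __name__ == "__main__":
    for label, xml in (("without context", AUTHN_REQUEST_NO_CONTEXT),
                       ("with context", AUTHN_REQUEST_WITH_CONTEXT)):
        print(label, "->", requested_class_refs(xml) or "no AuthnContextClassRef sent")
    print(inspect_response(ERROR_RESPONSE))
```

An empty result from `requested_class_refs` matches the IdP-side message about a missing `AuthnContextClassRef`; any entry in `problems` means the SP should reject the response with a clear error rather than read the first Assertion or NameID.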