Hello,
I am establishing an Appian SAML SSO integration with External IDP. We complete the whole configuration. The challenges we are facing to set up the Authentication Method.
External IDP support AALs as authentication methods, AALs methods are new methods introduced to replace LOAs. However, in Appian, AALs are not implemented.
Did anyone face the same issue? Let me know if any solution.
Discussion posts and replies are publicly visible
Hey Sushil,
Did you get any particular error when testing the SAML configuration in Appian?We do not specifically need to set any authentication method in Appian SAML configuration so can you describe what part of the SAML configuration are you stuck at?
Thanks, Nishant
Yes, we got 401 unauthorized access in SP. As I checked IDP side below error
"ERROR: AuthnContextClassRef ac must be supplied - before send response"
I tried with NONE,unspecified an LOA, no sucess
Did you get the 401 error when you tried clicking the 'Test Connection' button? Can you attach a screenshot of what you are seeing?
Yes, Please find the attache screenshot.
2020-04-19 00:09:15,137 [Timer-4] INFO com.appiancorp.cache.sail.StatefulSailCacheImpl - Stateful SAIL db cache cleanup process executing...removing expired entries from db 2020-04-19 00:09:15,137 [Timer-4] INFO com.appiancorp.cache.sail.StatefulSailCacheImpl - Stateful SAIL current memory cache entries=0 size=0 bytes 2020-04-19 01:09:15,137 [Timer-4] INFO com.appiancorp.cache.sail.StatefulSailCacheImpl - Stateful SAIL db cache cleanup process executing...removing expired entries from db 2020-04-19 01:09:15,137 [Timer-4] INFO com.appiancorp.cache.sail.StatefulSailCacheImpl - Stateful SAIL current memory cache entries=0 size=0 bytes 2020-04-19 02:09:15,137 [Timer-4] INFO com.appiancorp.cache.sail.StatefulSailCacheImpl - Stateful SAIL db cache cleanup process executing...removing expired entries from db 2020-04-19 02:09:15,137 [Timer-4] INFO com.appiancorp.cache.sail.StatefulSailCacheImpl - Stateful SAIL current memory cache entries=0 size=0 bytes 2020-04-19 03:09:15,137 [Timer-4] INFO com.appiancorp.cache.sail.StatefulSailCacheImpl - Stateful SAIL db cache cleanup process executing...removing expired entries from db 2020-04-19 03:09:15,137 [Timer-4] INFO com.appiancorp.cache.sail.StatefulSailCacheImpl - Stateful SAIL current memory cache entries=0 size=0 bytes 2020-04-19 04:09:15,137 [Timer-4] INFO com.appiancorp.cache.sail.StatefulSailCacheImpl - Stateful SAIL db cache cleanup process executing...removing expired entries from db 2020-04-19 04:09:15,137 [Timer-4] INFO com.appiancorp.cache.sail.StatefulSailCacheImpl - Stateful SAIL current memory cache entries=0 size=0 bytes 2020-04-19 05:09:15,137 [Timer-4] INFO com.appiancorp.cache.sail.StatefulSailCacheImpl - Stateful SAIL db cache cleanup process executing...removing expired entries from db 2020-04-19 05:09:15,137 [Timer-4] INFO com.appiancorp.cache.sail.StatefulSailCacheImpl - Stateful SAIL current memory cache entries=0 size=0 bytes 2020-04-19 06:09:15,137 [Timer-4] INFO com.appiancorp.cache.sail.StatefulSailCacheImpl - Stateful SAIL db cache cleanup process executing...removing expired entries from db 2020-04-19 06:09:15,137 [Timer-4] INFO com.appiancorp.cache.sail.StatefulSailCacheImpl - Stateful SAIL current memory cache entries=0 size=0 bytes 2020-04-19 06:54:09,333 [ajp-nio-8009-exec-3983] ERROR com.appiancorp.security.auth.saml.SamlTestServlet - Unexpected exception during SAML authentication test: Index: 0 java.lang.IndexOutOfBoundsException: Index: 0 at java.util.Collections$EmptyList.get(Collections.java:4456) at net.shibboleth.utilities.java.support.collection.LazyList.get(LazyList.java:90) at org.opensaml.core.xml.util.ListView.get(IndexedXMLObjectChildrenList.java:320) at org.opensaml.core.xml.util.ListView.get(IndexedXMLObjectChildrenList.java:237) at com.appiancorp.security.auth.saml.IdentityProviderManager.getName(IdentityProviderManager.java:177) at com.appiancorp.security.auth.saml.IdentityProviderManager.createSamlAuthenticationToken(IdentityProviderManager.java:157) at com.appiancorp.security.auth.saml.SamlTestServlet.processTestResponse(SamlTestServlet.java:130) at com.appiancorp.security.auth.saml.SamlTestServlet.handlePost(SamlTestServlet.java:120) at com.appiancorp.security.auth.saml.SamlTestServlet.handleRequest(SamlTestServlet.java:82) at com.appiancorp.security.auth.saml.SamlTestServlet.service(SamlTestServlet.java:64) at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.ap2.EntryFilter.doFilter(EntryFilter.java:40) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:39) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:70) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:58) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.security.web.AppsPortalVisibilityFilter.doFilter(AppsPortalVisibilityFilter.java:70) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176) at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145) at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92) at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:389) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176) at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145) at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92) at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:389) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.common.web.PathMatchExclusionFilter.doFilter(PathMatchExclusionFilter.java:68) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.security.web.FrameOptionsFilter.doFilter(FrameOptionsFilter.java:40) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.security.auth.ForceSetPasswordFilter.doFilter(ForceSetPasswordFilter.java:47) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.security.auth.AuthenticationStatusHeaderFilter.doFilter(AuthenticationStatusHeaderFilter.java:38) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.security.xss.XssFilter.doFilter(XssFilter.java:30) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.security.csp.CspFilter.doFilter(CspFilter.java:77) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317) at com.appiancorp.security.auth.activity.UserActivityFilter.doFilter(UserActivityFilter.java:47) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at com.appiancorp.connectedsystems.http.oauth.OAuthMobileFilter.doFilter(OAuthMobileFilter.java:52) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:107) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112) at com.appiancorp.security.auth.rememberme.CookieTheftRedirectFilter.doFilter(CookieTheftRedirectFilter.java:37) at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112) at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:73) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:158) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at com.appiancorp.security.csrf.CsrfChannelProcessingFilter.doFilter(CsrfChannelProcessingFilter.java:82) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:155) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.common.web.HttpMethodOverrideFilter.doFilter(HttpMethodOverrideFilter.java:34) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.security.cors.CorsFilter.handleNormalRequest(CorsFilter.java:324) at com.appiancorp.security.cors.CorsFilter.doFilter(CorsFilter.java:278) at com.appiancorp.security.cors.CorsFilter.doFilter(CorsFilter.java:226) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.security.auth.maintwindow.MaintWindowHeaderFilter.doFilter(MaintWindowHeaderFilter.java:31) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.security.auth.logging.AuthenticationLoggingFilter.doFilter(AuthenticationLoggingFilter.java:37) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.security.auth.AuthProviderFilter.doFilter(AuthProviderFilter.java:80) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.common.web.UserAgentFilter.doFilter(UserAgentFilter.java:40) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.security.web.DomainFilter.doFilter(DomainFilter.java:50) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.ap2.environment.EnvironmentFilter.doFilter(EnvironmentFilter.java:87) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.common.web.ThreadLocalRequestFilter.doFilter(ThreadLocalRequestFilter.java:34) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.ap2.NullByteInjectionFilter.doFilter(NullByteInjectionFilter.java:32) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.ap2.EncodingFilter.doFilter(EncodingFilter.java:58) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.common.web.HttpStrictTransportSecurityFilter.doFilter(HttpStrictTransportSecurityFilter.java:50) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.common.monitoring.prometheus.HttpResponseMetricsFilter.doFilter(HttpResponseMetricsFilter.java:67) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.appiancorp.tomcat.cookies.AppianCookieProcessorUserAgentStoringFilter.doFilter(AppianCookieProcessorUserAgentStoringFilter.java:24) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:482) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:810) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748)