DRAFT KB-XXXX SAML authentication fails with HTTP 401 code

Symptoms

Users are unable to log in due to the following error printed in the tomcat-stdOut.log file located in the <APPIAN_HOME>/logs directory:

ERROR com.appiancorp.security.auth.AppianAuthenticationProvider - Error while trying to authenticate the token: com.appiancorp.security.auth.saml.SamlAuthToken@6e1dda2b: Principal: null; Credentials: [PROTECTED]; Authenticated: false; Details: AuthenticationDetails[ts=2019-01-30 20:45:56.574, entryPoint=PORTAL, clientIpAddress=<IP_Address>, clientUserAgent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36]; Not granted any authorities
org.opensaml.messaging.handler.MessageHandlerException: Signature was either invalid or signing key could not be established as trusted

The following error is displayed on the UI when trying to log in:

Cause

This issue occurs when the IdP metadata provided to Appian is invalid.

Action

  1. Involve the IdP team to check if the IdP certificate is valid. Check if the right certificate is used in the IdP metadata.
  2. If the above doesn't resolve the issue, follow KB-1461 to generate a new IdP signing certificate.
  3. Ask the IdP to dissolve the current connection and reestablish it. This will refresh the partnership and allow Appian to connect to the IdP.
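
One way to carry out the certificate check in step 1, as an added example that is not Appian's code or part of the original article: it lists the SHA-256 fingerprints of the signing certificates in an IdP metadata file and compares them with the fingerprint the IdP team reports as active. The function names, the sample metadata and the placeholder certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def idp_signing_fingerprints(metadata_xml):
    """SHA-256 fingerprints (hex) of each certificate the metadata offers for signing."""
    # The metadata is an admin-supplied file; use a hardened parser for untrusted XML.
    root = ET.fromstring(metadata_xml)
    prints = []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute covers signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            prints.append(hashlib.sha256(der).hexdigest())
    return prints

def normalize(fingerprint):
    """Accept 'sha256 Fingerprint=AB:CD:...' (openssl style) or plain hex."""
    return fingerprint.split("=")[-1].replace(":", "").replace(" ", "").strip().lower()

def check_metadata(metadata_xml, expected_fingerprint):
    """Compare the metadata's signing certs with the fingerprint the IdP reports as active."""
    found = idp_signing_fingerprints(metadata_xml)
    if not found:
        return "no-signing-cert"
    return "match" if normalize(expected_fingerprint) in found else "mismatch"

# Constructed sample: placeholder bytes stand in for real DER certificates.
SIGNING_DER = b"constructed signing certificate bytes"
ENCRYPT_DER = b"constructed encryption certificate bytes"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      {base64.b64encode(SIGNING_DER).decode()}
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      {base64.b64encode(ENCRYPT_DER).decode()}
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    active = hashlib.sha256(SIGNING_DER).hexdigest()  # what the IdP team would report
    print(check_metadata(SAMPLE_METADATA, active))
```

A "mismatch" result means the metadata held by Appian does not contain the certificate the IdP currently signs with, which is consistent with the "signing key could not be established as trusted" error above.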

Affected Versions

This article applies to all versions of Appian. 

 Last Reviewed: May 2019