
DRAFT KB-XXXX SAML authentication fails with HTTP 401 code

Symptoms

Users are unable to log in, and the following error is printed in the tomcat-stdOut.log file located in the <APPIAN_HOME>/logs directory:

ERROR com.appiancorp.security.auth.AppianAuthenticationProvider - Error while trying to authenticate the token: com.appiancorp.security.auth.saml.SamlAuthToken@6e1dda2b: Principal: null; Credentials: [PROTECTED]; Authenticated: false; Details: AuthenticationDetails[ts=2019-01-30 20:45:56.574, entryPoint=PORTAL, clientIpAddress=<IP_Address>, clientUserAgent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36]; Not granted any authorities
org.opensaml.messaging.handler.MessageHandlerException: Signature was either invalid or signing key could not be established as trusted

The following error is displayed on the UI when trying to log in: 

Cause

This issue occurs when the IdP Metadata provided to Appian is invalid. 

Action

  1. Involve the IdP team to check whether the IdP certificate is valid. Check whether the right certificate is used in the IdP Metadata.
  2. If the above doesn't resolve the issue, follow KB-1461 to generate a new IdP signing certificate.
  3. Ask the IdP to dissolve the current connection and reestablish it. This will refresh the partnership and allow Appian to connect to the IdP.
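
One way to carry out the certificate check in step 1 is to compare the signing certificate listed in the IdP Metadata with the certificate embedded in a captured SAML response. This is an added example, not Appian code; the function names, the entityID and the sample XML are constructed for illustration, and it assumes the IdP includes its certificate in the response's ds:KeyInfo.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(b64_text):
    """SHA-256 over the DER bytes carried in a ds:X509Certificate element."""
    return hashlib.sha256(base64.b64decode("".join(b64_text.split()))).hexdigest()

def metadata_signing_fingerprints(metadata_xml):
    """Certificates the IdP metadata declares as usable for signing."""
    found = set()
    for kd in ET.fromstring(metadata_xml).iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor with no 'use' attribute applies to signing as well.
        if kd.get("use", "signing") == "signing":
            found |= {fingerprint(c.text) for c in kd.iterfind(".//ds:X509Certificate", NS)}
    return found

def response_signing_fingerprints(response_xml):
    """Certificates embedded in the ds:Signature elements of a SAML response."""
    root = ET.fromstring(response_xml)
    return {fingerprint(c.text) for sig in root.iterfind(".//ds:Signature", NS)
            for c in sig.iterfind(".//ds:X509Certificate", NS)}

def signing_cert_in_metadata(metadata_xml, response_xml):
    """Diagnostic only: compares certificates, does not verify the signature."""
    used = response_signing_fingerprints(response_xml)
    return bool(used) and used <= metadata_signing_fingerprints(metadata_xml)

# Constructed sample data: placeholder bytes stand in for real DER certificates.
OLD_CERT = base64.b64encode(b"constructed-placeholder-old-idp-cert").decode()
NEW_CERT = base64.b64encode(b"constructed-placeholder-new-idp-cert").decode()

def sample_metadata(cert_b64):
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
            f'entityID="https://idp.example.test"><md:IDPSSODescriptor>'
            f'<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
            f'<ds:X509Certificate>{cert_b64}</ds:X509Certificate></ds:X509Data>'
            f'</ds:KeyInfo></md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>')

SAMPLE_RESPONSE = (f'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
                   f'xmlns:ds="{NS["ds"]}"><ds:Signature><ds:KeyInfo><ds:X509Data>'
                   f'<ds:X509Certificate>{NEW_CERT}</ds:X509Certificate></ds:X509Data>'
                   f'</ds:KeyInfo></ds:Signature></samlp:Response>')

if __name__ == "__main__":
    for label, cert in (("stale metadata", OLD_CERT), ("current metadata", NEW_CERT)):
        print(label, signing_cert_in_metadata(sample_metadata(cert), SAMPLE_RESPONSE))
```

A False result means the response carries a certificate that the metadata does not list as a signing certificate, or carries none at all.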

Affected Versions

This article applies to all versions of Appian. 

 Last Reviewed: May 2019