KB-1938 SAML authentication fails with HTTP 401 code due to invalid signature

Parmida Borhani — Thu, 16 May 2019 08:15:24 GMT

Current Revision posted to Appian Knowledge Base by Parmida Borhani on 5/16/2019 8:15:24 AM

Symptoms

Users are unable to login and the following error is printed in the tomcat-stdOut.log file located in the <APPIAN_HOME>/logs directory:

ERROR com.appiancorp.security.auth.AppianAuthenticationProvider - Error while trying to authenticate the token: com.appiancorp.security.auth.saml.SamlAuthToken@6e1dda2b: Principal: null; Credentials: [PROTECTED]; Authenticated: false; Details: AuthenticationDetails[ts=<time_stamp>, entryPoint=PORTAL, clientIpAddress=<IP_Address>, clientUserAgent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36]; Not granted any authorities
org.opensaml.messaging.handler.MessageHandlerException: Signature was either invalid or signing key could not be established as trusted

The following error is displayed on the UI when trying to login:

Cause

This issue occurs when the IdP Metadata provided to Appian is invalid.

Action

Involve the IdP team to check if the IdP certificate is valid. Check if the right certificate is used in IdP Metadata.
If the above doesn't resolve the issue, follow KB-1461 to generate a new IdP signing certificate.
Ask the IdP to remove the current connection and reestablish it. This will refresh the partnership and allow Appian to connect to the IdP.

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: May 2019

Tags: application server, SAML, integration, authentication

KB-1938 SAML authentication fails with HTTP 401 code due to invalid signature

Parmida Borhani — Thu, 16 May 2019 08:15:24 GMT

Revision 7 posted to Appian Knowledge Base by Parmida Borhani on 5/16/2019 8:15:24 AM

Symptoms

Users are unable to login and the following error is printed in the tomcat-stdOut.log file located in the <APPIAN_HOME>/logs directory:

ERROR com.appiancorp.security.auth.AppianAuthenticationProvider - Error while trying to authenticate the token: com.appiancorp.security.auth.saml.SamlAuthToken@6e1dda2b: Principal: null; Credentials: [PROTECTED]; Authenticated: false; Details: AuthenticationDetails[ts=<time_stamp>, entryPoint=PORTAL, clientIpAddress=<IP_Address>, clientUserAgent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36]; Not granted any authorities
org.opensaml.messaging.handler.MessageHandlerException: Signature was either invalid or signing key could not be established as trusted

The following error is displayed on the UI when trying to login:

Cause

This issue occurs when the IdP Metadata provided to Appian is invalid.

Action

Involve the IdP team to check if the IdP certificate is valid. Check if the right certificate is used in IdP Metadata.
If the above doesn't resolve the issue, follow KB-1461 to generate a new IdP signing certificate.
Ask the IdP to remove the current connection and reestablish it. This will refresh the partnership and allow Appian to connect to the IdP.

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: May 2019

Tags: application server, SAML, integration, authentication

DRAFT KB-XXXX SAML authentication fails with HTTP 401 code due to invalid signature

Anirudh Rathi — Wed, 15 May 2019 15:23:41 GMT

Revision 6 posted to Appian Knowledge Base by Anirudh Rathi on 5/15/2019 3:23:41 PM

Symptoms

Users are unable to login and the following error is pirnted in the tomcat-stdOut.log file located in the <APPIAN_HOME>/logs directory:

ERROR com.appiancorp.security.auth.AppianAuthenticationProvider - Error while trying to authenticate the token: com.appiancorp.security.auth.saml.SamlAuthToken@6e1dda2b: Principal: null; Credentials: [PROTECTED]; Authenticated: false; Details: AuthenticationDetails[ts=<time_stamp>, entryPoint=PORTAL, clientIpAddress=<IP_Address>, clientUserAgent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36]; Not granted any authorities
org.opensaml.messaging.handler.MessageHandlerException: Signature was either invalid or signing key could not be established as trusted

The following error is displayed on the UI when trying to login:

Cause

This issue occurs when the IdP Metadata provided to Appian is invalid.

Action

Involve the IdP team to check if the IdP certificate is valid. Check if the right certificate is used in IdP Metadata.
If the above doesn't resolve the issue, follow KB-1461 to generate a new IdP signing certificate.
Ask the IdP to remove the current connection and reestablish it. This will refresh the partnership and allow Appian to connect to the IdP.

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: May 2019

Tags: application server, SAML, integration

DRAFT KB-XXXX SAML authentication fails with HTTP 401 code due to invalid signature

Anirudh Rathi — Wed, 15 May 2019 15:22:29 GMT

Revision 5 posted to Appian Knowledge Base by Anirudh Rathi on 5/15/2019 3:22:29 PM

Symptoms

Users are unable to login and the following error is pirnted in the tomcat-stdOut.log file located in the <APPIAN_HOME>/logs directory:

ERROR com.appiancorp.security.auth.AppianAuthenticationProvider - Error while trying to authenticate the token: com.appiancorp.security.auth.saml.SamlAuthToken@6e1dda2b: Principal: null; Credentials: [PROTECTED]; Authenticated: false; Details: AuthenticationDetails[ts=<time_stamp>, entryPoint=PORTAL, clientIpAddress=<IP_Address>, clientUserAgent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36]; Not granted any authorities
org.opensaml.messaging.handler.MessageHandlerException: Signature was either invalid or signing key could not be established as trusted

The following error is displayed on the UI when trying to login:

Cause

This issue occurs when the IdP Metadata provided to Appian is invalid.

Action

Involve the IdP team to check if the IdP certificate is valid. Check if the right certificate is used in IdP Metadata.
If the above doesn't resolve the issue, follow KB-1461 to generate a new IdP signing certificate.
Ask the IdP to remove the current connection and reestablish it. This will refresh the partnership and allow Appian to connect to the IdP.

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: May 2019

Tags: application server, SAML, integration

DRAFT KB-XXXX SAML authentication fails with HTTP 401 code due to invalid signature

Anirudh Rathi — Tue, 14 May 2019 22:08:13 GMT

Revision 4 posted to Appian Knowledge Base by Anirudh Rathi on 5/14/2019 10:08:13 PM

Symptoms

Users are unable to login due to the following error printed in the tomcat-stdOut.log file located in the <APPIAN_HOME>/logs directory:

ERROR com.appiancorp.security.auth.AppianAuthenticationProvider - Error while trying to authenticate the token: com.appiancorp.security.auth.saml.SamlAuthToken@6e1dda2b: Principal: null; Credentials: [PROTECTED]; Authenticated: false; Details: AuthenticationDetails[ts=2019-01-30 20:45:56.574, entryPoint=PORTAL, clientIpAddress=<IP_Address>, clientUserAgent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36]; Not granted any authorities
org.opensaml.messaging.handler.MessageHandlerException: Signature was either invalid or signing key could not be established as trusted

The following error is displayed on the UI when trying to login:

Cause

This issue occurs when the IdP Metadata provided to Appian is invalid.

Action

Involve the IdP team to check if the IdP certificate is valid. Check if the right certificate is used in IdP Metadata.
If the above doesn't resolve the issue, follow the KB-1461 to generate a new IdP signing certificate.
Ask the IdP to dissolve the current connection and reestablish it. This will refresh the partnership and allow Appian to connect to the IdP.

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: May 2019

Tags: application server, integration

DRAFT KB-XXXX SAML authentication fails with HTTP 401 code

Anirudh Rathi — Tue, 14 May 2019 22:07:31 GMT

Revision 3 posted to Appian Knowledge Base by Anirudh Rathi on 5/14/2019 10:07:31 PM

Symptoms

Users are unable to login due to the following error printed in the tomcat-stdOut.log file located in the <APPIAN_HOME>/logs directory:

ERROR com.appiancorp.security.auth.AppianAuthenticationProvider - Error while trying to authenticate the token: com.appiancorp.security.auth.saml.SamlAuthToken@6e1dda2b: Principal: null; Credentials: [PROTECTED]; Authenticated: false; Details: AuthenticationDetails[ts=2019-01-30 20:45:56.574, entryPoint=PORTAL, clientIpAddress=<IP_Address>, clientUserAgent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36]; Not granted any authorities
org.opensaml.messaging.handler.MessageHandlerException: Signature was either invalid or signing key could not be established as trusted

The following error is displayed on the UI when trying to login:

Cause

This issue occurs when the IdP Metadata provided to Appian is invalid.

Action

Involve the IdP team to check if the IdP certificate is valid. Check if the right certificate is used in IdP Metadata.
If the above doesn't resolve the issue, follow the KB-1461 to generate a new IdP signing certificate.
Ask the IdP to dissolve the current connection and reestablish it. This will refresh the partnership and allow Appian to connect to the IdP.

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: May 2019

Tags: application server, integration

DRAFT KB-XXXX SAML authentication fails with HTTP 401 code

Anirudh Rathi — Tue, 14 May 2019 21:55:04 GMT

Revision 2 posted to Appian Knowledge Base by Anirudh Rathi on 5/14/2019 9:55:04 PM

Symptoms

User are unable to login due to following error printed in the tomcat-stdOut.log file located in the <APPIAN_HOME>/logs directory:

ERROR com.appiancorp.security.auth.AppianAuthenticationProvider - Error while trying to authenticate the token: com.appiancorp.security.auth.saml.SamlAuthToken@6e1dda2b: Principal: null; Credentials: [PROTECTED]; Authenticated: false; Details: AuthenticationDetails[ts=2019-01-30 20:45:56.574, entryPoint=PORTAL, clientIpAddress=<IP_Address>, clientUserAgent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36]; Not granted any authorities
org.opensaml.messaging.handler.MessageHandlerException: Signature was either invalid or signing key could not be established as trusted

The following error is displayed on the UI when trying to login:

Cause

This issue is occurred when the IdP Metadata provided to Appian is invalid.

Action

Involve the IdP team to check if the IdP certificate is valid. Check if the right certificate is used in IdP Metadata.
If the above doesn't resolve the issue, follow the KB-1461 to generate a new IdP signing certificate.
Ask the IdP to disolve the current connection and reestablish it. This will referesh the partnership and allow Appian to connect to the IdP.

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: May 2019

Tags: application server, integration

DRAFT KB-XXXX SAML authentication fails with HTTP 401 code

Anirudh Rathi — Tue, 14 May 2019 21:54:17 GMT

Revision 1 posted to Appian Knowledge Base by Anirudh Rathi on 5/14/2019 9:54:17 PM

Symptoms

User are unable to login due to following error printed in the tomcat-stdOut.log file located in the <APPIAN_HOME>/logs directory:

ERROR com.appiancorp.security.auth.AppianAuthenticationProvider - Error while trying to authenticate the token: com.appiancorp.security.auth.saml.SamlAuthToken@6e1dda2b: Principal: null; Credentials: [PROTECTED]; Authenticated: false; Details: AuthenticationDetails[ts=2019-01-30 20:45:56.574, entryPoint=PORTAL, clientIpAddress=<IP_Address>, clientUserAgent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36]; Not granted any authorities
org.opensaml.messaging.handler.MessageHandlerException: Signature was either invalid or signing key could not be established as trusted

The following error is displayed on the UI when trying to login:

Cause

This issue is occurred when the IdP Metadata provided to Appian is invalid.

Action

1. Involve the IdP team to check if the IdP certificate is valid. Check if the right certificate is used in IdP Metadata.

3. If the above doesn't resolve the issue, follow the KB-1461 to generate a new IdP signing certificate.

4. Ask the IdP to disolve the current connection and reestablish it. This will referesh the partnership and allow Appian to connect to the IdP.

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: May 2019

Tags: application server, integration