SAML error - SAML response parameter was not provided or invalid

For the SAML login to work, verify the SAML configuration, then add the Identity Provider’s hostname to the Apache Sling Referrer Filter OSGi configuration. Check Allow Empty, and add the hosts that represent the IdP to Allow Hosts.

Description

Environment

Adobe Experience Manager (AEM)

Issue

On creating the SAML 2.0 configuration to enable SSO login on the production Author, you received an error message from AEM. This was after the Azure provider performed the login and retrieved the SAML token to perform the authentication on the AEM side.

The following error occurs:

Resolution

After the SAML configuration was verified, every attempt to log in to AEM Author returned the 403 error.

Error 403 usually appears if the Apache Sling Referrer Filter is not enabled. Upon checking the configuration for the Apache Sling Referrer Filter, it was found that the Allow Empty option was not checked, and that no host had been added to Allow Hosts.

For the SAML login to work, the Identity Provider’s hostname needs to be added to the Apache Sling Referrer Filter OSGi configuration.

Check Allow Empty, and add the hosts that represent the IdP to Allow Hosts.

After completing these required steps, the login was successful.

Note: The IdP URL must be added to the Apache Sling Referrer Filter configuration without including the protocol, for example, aem-sso-saml instead of https://aem-sso-saml.
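A small check for the settings described above, added here as an example and not Adobe's or Sling's own code: it reads the Referrer Filter's OSGi properties (allow.empty and allow.hosts, PID org.apache.sling.security.impl.ReferrerFilter) from JSON and lists what still differs from the resolution. The sample configurations and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample configs, keyed by the filter's OSGi property names.
BEFORE = '{"allow.empty": false, "allow.hosts": []}'
WRONG_FORM = '{"allow.empty": true, "allow.hosts": ["https://aem-sso-saml"]}'
AFTER = '{"allow.empty": true, "allow.hosts": ["aem-sso-saml"]}'


def bare_host(value):
    """Reduce an IdP URL or a host entry to the bare hostname form."""
    value = value.strip()
    parts = urlsplit(value if "://" in value else "//" + value)
    return (parts.hostname or "").lower()


def check_referrer_filter(config_text, idp_url):
    """Return a list of findings; an empty list means the config matches the article."""
    cfg = json.loads(config_text)
    hosts = cfg.get("allow.hosts") or []
    if isinstance(hosts, str):  # a single value may be stored as a plain string
        hosts = [hosts]
    findings = []
    if cfg.get("allow.empty") is not True:
        findings.append("allow.empty is not checked")
    # Entries must be host names only, per the note above.
    for h in hosts:
        if "://" in h:
            findings.append(
                f"allow.hosts entry {h!r} includes a protocol; use {bare_host(h)!r}")
    idp = bare_host(idp_url)
    valid = {h.strip().lower() for h in hosts if "://" not in h}
    if idp not in valid:
        findings.append(f"IdP host {idp!r} is missing from allow.hosts")
    return findings


if __name__ == "__main__":
    samples = (("before", BEFORE), ("wrong form", WRONG_FORM), ("after", AFTER))
    for name, text in samples:
        print(name, check_referrer_filter(text, "https://aem-sso-saml") or "OK")
```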
