Invalid SAML token blocks sign-in on AEMaaCS

When testing updated configurations for SAML authentication in the development environment of Adobe Experience Manager as a Cloud Service (AEMaaCS), the system returns an invalid_token error during sign-in. To resolve the issue, verify IDP certificates and configuration.

Description

Environment

Adobe Experience Manager as a Cloud Service (AEMaaCS) – Sites

Issue/Symptoms

  • Sign-in attempt fails with an invalid_token error.
  • SAML authentication doesn't complete successfully.

Resolution

To resolve the issue, follow these steps:

  1. Confirm that all required Identity Provider (IDP) certificates are correctly installed in the AEM environment and replicated across all relevant instances.
  2. Configure new IDP app registrations to align with your AEM setup.
  3. Test the updated configurations to confirm the issue is resolved.
  4. Adjust closed user group settings to ensure proper access control, if necessary.

If the issue persists, review logs and publisher details to identify misconfigurations or errors.
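Step 1 above is usually where an invalid_token error originates: the signing certificate the IDP actually uses does not match the one installed in AEM's truststore. The script below is an added example (not Adobe's code or part of this article) that compares the signing certificate(s) published in the IDP's SAML metadata against the fingerprints of the certificates you installed in AEM. The metadata document, entityID and certificate bytes are constructed placeholders; in practice you would pass the metadata XML downloaded from your IDP and the SHA-256 fingerprints shown for the certificates in AEM's truststore.

```python
"""Compare the signing certificate(s) in IdP SAML metadata against the
fingerprints of the certificates installed in AEM's truststore.

Added example; the metadata snippet, entityID and certificate bytes are
constructed for illustration and are not a real IdP's data.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

# XML namespaces used by SAML 2.0 metadata and XML Signature.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed stand-in for DER certificate bytes (NOT a real certificate);
# a real metadata file carries the base64 DER of the IdP's X.509 certificate.
CONSTRUCTED_DER = b"CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-CERTIFICATE"
CONSTRUCTED_CERT_B64 = base64.b64encode(CONSTRUCTED_DER).decode()

# Constructed IdP metadata; entityID is a placeholder, not a real IdP.
SAMPLE_METADATA = f"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.invalid/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {CONSTRUCTED_CERT_B64}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def extract_signing_certs(metadata_xml):
    """Return the base64 DER certificates the IdP may sign assertions with.

    Whitespace inside <ds:X509Certificate> is stripped (metadata files wrap
    the base64). A KeyDescriptor without a 'use' attribute is valid for both
    signing and encryption, so it is included as well.
    """
    root = ET.fromstring(metadata_xml)
    certs = []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue  # encryption-only key, irrelevant for token validation
        for node in kd.iterfind(".//ds:X509Certificate", NS):
            certs.append("".join((node.text or "").split()))
    return certs


def fingerprint_of(cert_b64):
    """SHA-256 over the DER bytes, lower-case hex, no colon separators."""
    return hashlib.sha256(base64.b64decode(cert_b64)).hexdigest()


def check_idp_certs(metadata_xml, trusted_fingerprints):
    """Split the IdP's signing certs into those present in AEM's truststore
    (matched) and those AEM does not know about (unmatched).

    trusted_fingerprints: SHA-256 fingerprints as shown for the installed
    certificates; colons and letter case are normalised before comparing.
    """
    trusted = {fp.replace(":", "").lower() for fp in trusted_fingerprints}
    matched, unmatched = [], []
    for cert in extract_signing_certs(metadata_xml):
        fp = fingerprint_of(cert)
        (matched if fp in trusted else unmatched).append(fp)
    return {"matched": matched, "unmatched": unmatched}


if __name__ == "__main__":
    # Simulate a truststore that still holds an old certificate: the IdP's
    # current signing cert shows up as unmatched, which is the situation
    # that produces invalid_token during sign-in.
    stale_truststore = {"00" * 32}
    report = check_idp_certs(SAMPLE_METADATA, stale_truststore)
    for fp in report["unmatched"]:
        print(f"IdP signing cert not installed in AEM truststore: {fp}")
    for fp in report["matched"]:
        print(f"IdP signing cert present in AEM truststore: {fp}")
```

Any fingerprint reported as unmatched is a certificate the IDP signs with that AEM cannot validate; install it in the truststore on every relevant instance (the author and all publishers) and re-test. An empty list from extract_signing_certs means the metadata itself is missing a usable signing key and the IDP app registration should be checked before touching AEM.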

See also: Troubleshooting SAML-related issues in the AEM troubleshooting guide.
