Hello
I have SAML auth working in my environment and am now setting up an SP-initiated flow to handle redirects during login. I have a journey that initiates the flow to the IdP using a configuration script, and it takes me back to the /enduser screen post-auth, but I am not seeing the other nodes in my journey (mainly debug-type nodes), and I see this error in the logs each time (the WARN entries with the SmsAuthorizationException below). Has anyone seen this before?
{"timestamp":"2024-05-21T01:45:28.751Z","eventName":"AM-ACCESS-OUTCOME","transactionId":"aa0126eb-881a-448d-ad6b-08833f99ab1d-1717","trackingIds":["aa0126eb-881a-448d-ad6b-08833f99ab1d-1718","93084F0B01343C12FA3B896720299C8E","s2ceb7f7411cca8d4e7fd413ca0b7c8634432b19eb"],"userId":"id=ce192e3a-2c63-42d0-8c93-3d505d90fbef,ou=user,ou=am-config","client":{"ip":"10.1.92.196","port":42178},"server":{"ip":"10.1.92.221","port":8081},"http":{"request":{"secure":true,"method":"POST","path":"https://<removed>/am/Consumer/metaAlias/sp","headers":{"accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"content-type":["application/x-www-form-urlencoded"],"host":["<removed>"],"user-agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"],"x-forwarded-for":["10.254.252.107"],"x-forwarded-host":["<removed>"],"x-forwarded-port":["443"],"x-forwarded-proto":["https"],"x-real-ip":["10.254.252.107"],"x-request-id":["3e51d31103c30ccbc04473cd03724f18"],"x-scheme":["https"]}}},"request":{"protocol":"SAML2","operation":"spAssertionConsumer"},"response":{"status":"SUCCESSFUL","statusCode":null,"elapsedTime":154,"elapsedTimeUnits":"MILLISECONDS"},"realm":"/","component":"SAML2","source":"audit","topic":"access","level":"INFO","_eventId":"aa0126eb-881a-448d-ad6b-08833f99ab1d-1727"} {"timestamp":"2024-05-21T01:45:28.922Z","level":"WARN","thread":"http-nio-8081-exec-10","mdc":{"transactionId":"aa0126eb-881a-448d-ad6b-08833f99ab1d-1728"},"logger":"com.sun.identity.sm.SMSEntry","message":"SMSEntry: Attempt by: id=ce192e3a-2c63-42d0-8c93-3d505d90fbef,ou=user,ou=am-config to read/modify entry: ou=default,ou=organizationconfig,ou=1.0,ou=sunidentityrepositoryservice,ou=services,ou=am-config has no permissions","context":"default","transactionId":"aa0126eb-881a-448d-ad6b-08833f99ab1d-1728"} 
{"timestamp":"2024-05-21T01:45:28.923Z","level":"WARN","thread":"http-nio-8081-exec-10","mdc":{"transactionId":"aa0126eb-881a-448d-ad6b-08833f99ab1d-1728"},"logger":"org.forgerock.openam.core.rest.server.ServerInfoResourceCommon","message":"Failed to get the distinct user id attributes for the configured identity stores in realm / ","context":"default","exception":"org.forgerock.openam.sm.exceptions.SmsAuthorizationException: Authorisation Exception. User does not have sufficient permission to perform operation: The user does not have permission to perform the operation.\n\tat com.sun.identity.sm.SMSEntry.getDelegationPermission(SMSEntry.java:1407)\n\tat com.sun.identity.sm.SMSEntry.read(SMSEntry.java:604)\n\tat com.sun.identity.sm.SMSEntry.read(SMSEntry.java:597)\n\tat com.sun.identity.sm.SMSEntry.<init>(SMSEntry.java:356)\n\tat com.sun.identity.sm.CachedSMSEntry.getInstance(CachedSMSEntry.java:385)\n\tat com.sun.identity.sm.ServiceConfigImpl.checkAndUpdatePermission(ServiceConfigImpl.java:712)\n\tat com.sun.identity.sm.ServiceConfigImpl.getFromCache(ServiceConfigImpl.java:703)\n\tat com.sun.identity.sm.ServiceConfigImpl.getInstance(ServiceConfigImpl.java:581)\n\tat com.sun.identity.sm.ServiceConfigImpl.getInstance(ServiceConfigImpl.java:562)\n\tat com.sun.identity.sm.ServiceConfigManagerImpl.getOrganizationConfig(ServiceConfigManagerImpl.java:221)\n\tat com.sun.identity.sm.ServiceConfigManager.getOrganizationConfig(ServiceConfigManager.java:266)\n\tat com.sun.identity.sm.ServiceConfigManager.getOrganizationConfig(ServiceConfigManager.java:283)\n\tat org.forgerock.openam.core.rest.server.ServerInfoResourceCommon.getUserIdAttributes(ServerInfoResourceCommon.java:230)\n\tat org.forgerock.openam.core.rest.server.ServerInfoResource.readInstance(ServerInfoResource.java:93)\n\tat org.forgerock.json.resource.InterfaceCollectionInstance.handleRead(InterfaceCollectionInstance.java:65)\n\tat 
org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:104)\n\tat org.forgerock.json.resource.Resources$CollectionInstanceIdContextFilter.filterRead(Resources.java:556)\n\tat org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:102)\n\tat org.forgerock.json.resource.FilterChain.handleRead(FilterChain.java:255)\n\tat org.forgerock.json.resource.Router.handleRead(Router.java:328)\n\tat org.forgerock.json.resource.Router.handleRead(Router.java:328)\n\tat org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:104)\n\tat org.forgerock.openam.rest.fluent.AuditFilter.filterRead(AuditFilter.java:187)\n\tat org.forgerock.openam.rest.fluent.AuditFilterWrapper.filterRead(AuditFilterWrapper.java:82)\n\tat org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:102)\n\tat org.forgerock.openam.rest.fluent.CrestLoggingFilter.filterRead(CrestLoggingFilter.java:158)\n\tat org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:102)\n\tat org.forgerock.openam.rest.ContextFilter.filterRead(ContextFilter.java:79)\n\tat org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:102)\n\tat org.forgerock.openam.rest.AuthenticationEnforcer.filterRead(AuthenticationEnforcer.java:174)\n\tat org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:102)\n\tat org.forgerock.json.resource.FilterChain.handleRead(FilterChain.java:255)\n\tat org.forgerock.json.resource.Router.handleRead(Router.java:328)\n\tat org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:104)\n\tat org.forgerock.openam.rest.ContextFilter.filterRead(ContextFilter.java:79)\n\tat org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:102)\n\tat org.forgerock.json.resource.FilterChain.handleRead(FilterChain.java:255)\n\tat org.forgerock.json.resource.InternalConnection.readAsync(InternalConnection.java:81)\n\tat 
org.forgerock.json.resource.http.RequestRunner.visitReadRequest(RequestRunner.java:319)\n\tat org.forgerock.json.resource.http.RequestRunner.visitReadRequest(RequestRunner.java:92)\n\tat org.forgerock.json.resource.Requests$ReadRequestImpl.accept(Requests.java:600)\n\tat org.forgerock.json.resource.http.RequestRunner.handleResult(RequestRunner.java:159)\n\tat org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:263)\n\tat org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)\n\tat org.forgerock.json.resource.http.HttpAdapter.doRequest(HttpAdapter.java:796)\n\tat org.forgerock.json.resource.http.HttpAdapter.doRead(HttpAdapter.java:404)\n\tat org.forgerock.json.resource.http.HttpAdapter.handle(HttpAdapter.java:307)\n\tat org.forgerock.http.handler.Handlers$HandlerDescribableAsDescribableHandler.handle(Handlers.java:147)\n\tat org.forgerock.http.filter.OptionsFilter.filter(OptionsFilter.java:69)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.json.resource.http.HttpUtils.securityHeadersFilter(HttpUtils.java:832)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.http.routing.Router.handle(Router.java:100)\n\tat org.forgerock.openam.cors.CorsFilter.filter(CorsFilter.java:91)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.openam.rest.RealmContextFilter.filter(RealmContextFilter.java:87)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.http.routing.Router.handle(Router.java:100)\n\tat org.forgerock.http.routing.Router.handle(Router.java:100)\n\tat org.forgerock.openam.rest.CsrfFilter.filter(CsrfFilter.java:96)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.http.routing.ResourceApiVersionRoutingFilter.filter(ResourceApiVersionRoutingFilter.java:59)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat 
org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:188)\n\tat org.forgerock.caf.authentication.framework.AuthenticationFramework.lambda$onValidateRequestSuccess$1(AuthenticationFramework.java:181)\n\tat org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:263)\n\tat org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)\n\tat org.forgerock.caf.authentication.framework.AuthenticationFramework.validateRequest(AuthenticationFramework.java:144)\n\tat org.forgerock.caf.authentication.framework.AuthenticationFramework.processMessage(AuthenticationFramework.java:134)\n\tat org.forgerock.caf.authentication.framework.AuthenticationFilter.filter(AuthenticationFilter.java:84)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.openam.http.GuiceHandler.handle(GuiceHandler.java:51)\n\tat org.forgerock.openam.http.HttpRoute$6.handle(HttpRoute.java:206)\n\tat org.forgerock.http.routing.Router.handle(Router.java:100)\n\tat org.forgerock.openam.dpro.session.ProofOfPossessionTokenFilter.filter(ProofOfPossessionTokenFilter.java:95)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.http.swagger.OpenApiRequestFilter.filter(OpenApiRequestFilter.java:63)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.openam.http.ApiDescriptorFilter.filter(ApiDescriptorFilter.java:66)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.openam.http.ResponseContext$ResponseContextFilter.filter(ResponseContext.java:53)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.openam.http.OpenAMHttpApplication.lambda$static$1(OpenAMHttpApplication.java:60)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat 
org.forgerock.openam.http.OpenAMHttpApplication.lambda$cacheHeaderFilter$3(OpenAMHttpApplication.java:88)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:86)\n\tat org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)\n\tat org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:282)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:623)\n\tat org.forgerock.openam.http.OpenAMHttpFrameworkServlet.service(OpenAMHttpFrameworkServlet.java:47)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:623)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)\n\tat org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)\n\tat org.forgerock.openam.validation.LargeCookieWarningFilter.doFilter(LargeCookieWarningFilter.java:48)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)\n\tat org.forgerock.openam.services.datastore.DataStoreConsistencyFilter.lambda$doFilter$0(DataStoreConsistencyFilter.java:46)\n\tat org.forgerock.openam.service.datastore.ReentrantVolatileActionConsistencyController.safeExecute(ReentrantVolatileActionConsistencyController.java:37)\n\tat org.forgerock.openam.services.datastore.DataStoreConsistencyFilter.doFilter(DataStoreConsistencyFilter.java:46)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)\n\tat 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)\n\tat org.forgerock.openam.rest.ProtocolVersionFilter.doFilter(ProtocolVersionFilter.java:66)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)\n\tat org.forgerock.openam.headers.SecureCookieFilter.doFilter(SecureCookieFilter.java:63)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)\n\tat org.forgerock.openam.headers.DisableSameSiteCookiesFilter.doFilter(DisableSameSiteCookiesFilter.java:106)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)\n\tat org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:59)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)\n\tat org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:110)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)\n\tat org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:110)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)\n\tat org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:110)\n\tat 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)\n\tat com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:116)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)\n\tat org.forgerock.openam.validation.RequestEntitySizeVerificationFilter.doFilter(RequestEntitySizeVerificationFilter.java:66)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)\n\tat org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:47)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)\n\tat org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168)\n\tat org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)\n\tat org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)\n\tat org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)\n\tat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)\n\tat org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:670)\n\tat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)\n\tat org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390)\n\tat org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)\n\tat 
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926)\n\tat org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1790)\n\tat org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)\n\tat org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)\n\tat org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)\n\tat org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tat java.base/java.lang.Thread.run(Thread.java:833)\n","transactionId":"aa0126eb-881a-448d-ad6b-08833f99ab1d-1728"} {"timestamp":"2024-05-21T01:45:28.924Z","eventName":"AM-ACCESS-OUTCOME","transactionId":"aa0126eb-881a-448d-ad6b-08833f99ab1d-1728","trackingIds":["aa0126eb-881a-448d-ad6b-08833f99ab1d-1718"],"userId":"id=ce192e3a-2c63-42d0-8c93-3d505d90fbef,ou=user,ou=am-config","client":{"ip":"10.1.92.196","port":42178},"server":{"ip":"10.1.92.221","port":8081},"http":{"request":{"secure":true,"method":"GET","path":"https://<removed>/am/json/serverinfo/*","headers":{"accept":["application/json, text/plain, */*"],"accept-api-version":["protocol=2.1,resource=1.0"],"host":["<removed>"],"user-agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"],"x-forwarded-for":["10.254.252.107"],"x-forwarded-host":["<removed>"],"x-forwarded-port":["443"],"x-forwarded-proto":["https"],"x-real-ip":["10.254.252.107"],"x-request-id":["2e13d9153be6e4eb6eb5276a8fd67fa4"],"x-scheme":["https"]}}},"request":{"protocol":"CREST","operation":"READ"},"response":{"status":"SUCCESSFUL","statusCode":"","elapsedTime":8,"elapsedTimeUnits":"MILLISECONDS","detail":{"revision":"1352294782"}},"realm":"/","component":"Server Info","source":"audit","topic":"access","level":"INFO","_eventId":"aa0126eb-881a-448d-ad6b-08833f99ab1d-1732"}
Thanks
Nick