Unable to login to WebUI/WCC via SAML, "Invalid login credentials were entered"
search cancel

Unable to login to WebUI/WCC via SAML, "Invalid login credentials were entered"

book

Article ID: 428382

calendar_today

Updated On:

Products

Autosys Workload Automation

Issue/Introduction

SAML configuration for WebUI/WCC was working and then stopped working, errors out with "Invalid login credentials were entered"

Web UI logs show:

INFO   | jvm 1    | 2026/01/29 07:15:35 |   303627 | @rest <##.##.##.## nologin> [] ERROR #SAML2AuthenticationFilter          #(359) SAML2SessionAuthenticationFilter filter: Access exception: com.ca.uejm.access.exceptions.AccessLoginException: Invalid login credentials were entered.
INFO   | jvm 1    | 2026/01/29 07:15:35 |   303627 |     at com.ca.uejm.access.providers.EmbIAMAccessProvider.authenticate(Unknown Source)
INFO   | jvm 1    | 2026/01/29 07:15:35 |   303627 |     at com.ca.uejm.access.authentication.filter.SAML2AuthenticationFilter.authenticateUser(Unknown Source)
INFO   | jvm 1    | 2026/01/29 07:15:35 |   303627 |     at com.ca.uejm.access.authentication.filter.SAML2AuthenticationFilter.doFilter(Unknown Source)
INFO   | jvm 1    | 2026/01/29 07:15:35 |   303627 |     at com.ca.uejm.access.authentication.filter.AuthorizationFilter$SimpleFilterChain.doFilter(Unknown Source)
INFO   | jvm 1    | 2026/01/29 07:15:35 |   303627 |     at com.ca.uejm.access.authentication.filter.ThreadNameSetterFilter.doFilter(Unknown Source)
INFO   | jvm 1    | 2026/01/29 07:15:35 |   303627 |     at com.ca.uejm.access.authentication.filter.AuthorizationFilter$SimpleFilterChain.doFilter(Unknown Source)
INFO   | jvm 1    | 2026/01/29 07:15:35 |   303627 |     at com.ca.uejm.access.authentication.filter.AccessContextFilter.doFilter(Unknown Source)
INFO   | jvm 1    | 2026/01/29 07:15:35 |   303627 |     at com.ca.uejm.access.authentication.filter.AuthorizationFilter$SimpleFilterChain.doFilter(Unknown Source)
INFO   | jvm 1    | 2026/01/29 07:15:35 |   303627 |     at com.ca.uejm.access.authentication.filter.P3PFilter.doFilter(Unknown Source)

EEM's saml.log shows additional errors too

FATAL 2026-01-26T15:54:02,162 [Thread-2] [com.ca.eiam.server.saml] Exception:
java.lang.RuntimeException: Something went wrong in SAMLResponse expiration validation
 at com.ca.eiam.server.saml.SamlBrowserArtifactProfileImpl.validateExpirationTime(SamlBrowserArtifactProfileImpl.java:470) ~[eiam-samlutil.jar:?]
 at com.ca.eiam.server.saml.SamlBrowserArtifactProfileImpl.GetIdentity(SamlBrowserArtifactProfileImpl.java:214) ~[eiam-samlutil.jar:?]
Caused by: java.lang.NullPointerException: Cannot invoke "org.opensaml.saml.saml2.core.Assertion.getConditions()" because "assertion" is null
 at com.ca.eiam.server.saml.SamlBrowserArtifactProfileImpl.validateExpirationTime(SamlBrowserArtifactProfileImpl.java:458) ~[eiam-samlutil.jar:?]
 ... 1 more

 

Cause

SAML configuration was done properly on one of the EEM nodes, but not both EEM nodes that were being used by WCC.

 

Resolution

SAML configuration needs to be done separately on each EEM node.  Once that is completed, the errors disappeared and WebUI allows logging in properly via SAML without errors

Powered by Wolken Software