This error occurs under the following conditions:
- Policies protecting a URL are located in a realm (not root realm)
- One of the policies is using the "Authentication by Module Chain" condition (or other condition which causes a session upgrade)
- The authentication chain specified in the condition is contained within the realm
- An authentication chain with the same name does not exist in the root realm
When accessing the protected resource, the user is directed to log in again. After entering valid credentials, an error is displayed: "Login Failed Session Activation Failed".
The error is caused by a bug in LoginState.java . During the session upgrade, the code refers to "orgName". It should be calling the method "getOrgName()" which first checks to see if the orgName is null and then sets the orgName variable correctly.
A workaround for this error is to add a copy of the authentication chain to the root realm. The reason this works is because the orgName mentioned previously is always null, indicating the root realm.