AEM Custom Authentication Handler Issue

Question

Hi Experts,

I am working on implementing custom authentication handler for AEM 6.4 with MFA - OTP Code. Author submits the username and password and if valid then redirected to a otp page to capture the OTP code shared via email.

Problem is once user submits the otp code, an error comes up "http://localhost:4502/j_security_check Access to localhost is denied" with error code as 403.

And log entry as org.apache.sling.auth.core.impl.SlingAuthenticator handleSecurity: AuthenticationHandler did not block request; access denied.

Nevertheless user is logged in successfully and can access the pages. I checked this sample MFA implementation with Google Auth and a similar community discussion, but could not find any pointers why 403 comes up.

If anyone has faced similar issues or have pointers for me to check, kindly share.

Regards,

Jayapal.S

Vijayalakshmi_S · Accepted Answer

Hi @jai1122,Can you create new logger entry for org.apache.sling.auth.core.impl.SlingAuthenticator with "Debug" mode in http://localhost:4502/system/console/slinglogTry the flow again and post the logs here. In particular log statements that start with "doHandleSecurity: ..."Also, please elaborate your point - "Author submits the username and password and if valid then redirected to a otp page to capture the OTP.."

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded