Problem with AuthenticationHandler

Question

Hi All,I'm facing an Authentication issue in my web app (AEM6, authentication via form login). I implemented an AuthenticationHandler that is involved for a specific path (/content/it).It works well and it is invoked also for the login page url (/content/it/login.html).  Following the Sling documentation (http://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html) I tried to exclude this path, register it inside the AuthenticationHandler using service registration property sling.auth.requirements.I understood this is the configuration to ensure the login form can be rendered without requiring authentication.Now login page path appears in 'Adobe Experience Manager Web Console' (/system/console/slingauth) as a path for which Authentication is NO Required correctly.Unfortunately, the method extractCredentials of my AuthenticationHandler continue to be invoked. Is this correct? Or in other words what did I fail or what I did misunderstand?Thanks in advance for your help.Emilio

JustinEd3 · Accepted Answer

Hi,You've done everything correctly. This is the expected behavior and you actually indicated why in your post (emphasis added by me):I understood this is the configuration to ensure the login form can be rendered without requiring authentication.In other words, the sling.auth.requirements property says that a pathcanbe rendered without authentication, but notonlywithout authentication. So since /content/it/login.html is under /content/it, your AuthenticationHandler will still get asked to extract credentials. If there are no credentials to extract, your extractCredentials method should return null.Regards,Justin

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded