SOLVED

Unable to go past the login page of JEE Server Admin UI AEM 6.2


Level 4

Hi folks

I have an AEM 6.2 JEE server which is identified as a backup server. Recently, as a DR activity, we tried enabling the server, but I cannot go past the login screen, and upon checking the logs, it shows:

21:20:29,503 WARNING [com.adobe.idp.um.auth.filter.CSRFFilter] (http-/0.0.0.0:8443-3) Blocked request for resource:/adminui/login.faces due to invalid referer:https://XXXXbdc.YYYY.com:8443/adminui/login.faces. More information is available at http://www.adobe.com/go/learn_dep_hardening_10 
{"outcome" => "success"} 
Press any key to continue . . . 21:22:39,007 INFO [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-2) JBWEB003075: Coyote HTTP/1.1 pausing on: http-/0.0.0.0:8443

 

Is it to do with whitelisting the referer in Admin UI? If so, how can I verify, as I cannot see the post-login pages? I cannot find any entries in lc_turnkey.xml either.

1 Accepted Solution


Correct answer by
Employee

Yes, this is a referer issue. The easiest way is to log on locally on the server (browser with localhost:pppp/adminui) and set the referers as indicated in the log message.


8 Replies

Employee Advisor

@manu-gupta Make sure the host and port are whitelisted at the UI below in adminui.

Home > Settings > User Management > Configuration > Allowed Referer Settings


Level 4

Since it is a backup server in an active-passive architecture, I cannot bring it up just for testing. Is there a way I can check the settings in any config file while the service is down?


Employee Advisor

@manu-gupta With the server offline, no, you can't verify this.


Employee Advisor

@manu-gupta If you want to disable CSRF completely, include the -Dlc.um.csrffilter.disabled=true Java argument in the startup script and restart the server.


Employee

As @Mayank_Gandhi says, you cannot see this in a file because these are settings in the database (also due to security reasons), and before you ask: no, I don't know where engineering has placed those. You must have that server up and running to make that change in the adminui. I take it those servers have independent databases? Your best option is to add the below mentioned option to the start file of your application server (or set the JVM options in WebSphere with the applications stopped).


Employee

BTW: With AEM Forms 6.2 you are already in the extended support phase which ends 04/2021. You should consider upgrading/migrating to a newer version (currently 6.5). https://helpx.adobe.com/support/programs/eol-matrix.html


Level 4

Thanks, we had to bring the active server down, then enabled the backup server and made the Allowed Referer Settings after accessing localhost.
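
The accepted answer says to set the referers indicated in the log message. As an added example (not part of the thread and not Adobe code), this Python script extracts the blocked referer host and port from CSRFFilter warnings so each can be reviewed before it is entered under Allowed Referer Settings. It assumes the log line format shown in the question; the function names, the repeated line and the `forms-dr.example.test` host are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

BLOCKED = re.compile(  # CSRFFilter warning format from the log excerpt in the question
    r"\[com\.adobe\.idp\.um\.auth\.filter\.CSRFFilter\].*?"
    r"Blocked request for resource:(?P<resource>\S+) "
    r"due to invalid referer:(?P<referer>\S+?)\.(?:\s|$)")
DEFAULT_PORTS = {"http": 80, "https": 443}

def parse_referer(referer):
    """Return (host, port) for an http(s) referer, else (None, None)."""
    try:
        ref = urlsplit(referer)
        if ref.scheme in DEFAULT_PORTS and ref.hostname:
            return ref.hostname, ref.port or DEFAULT_PORTS[ref.scheme]
    except ValueError:  # malformed port or IPv6 literal
        pass
    return None, None

def blocked_referers(lines):
    """Count blocked requests per (host, port, resource)."""
    hits = Counter()
    for line in lines:
        if m := BLOCKED.search(line):
            host, port = parse_referer(m["referer"])  # (None, None) if unparseable
            hits[(host, port, m["resource"])] += 1
    return hits

def allow_list_candidates(lines):
    """Distinct (host, port) pairs to review, most frequently blocked first."""
    per_host = Counter()
    for (host, port, _resource), n in blocked_referers(lines).items():
        if host is not None:
            per_host[(host, port)] += n
    return [pair for pair, _ in per_host.most_common()]

TEMPLATE = ("21:20:29,503 WARNING [com.adobe.idp.um.auth.filter.CSRFFilter] "  # as in the question
            "(http-/0.0.0.0:8443-3) Blocked request for resource:/adminui/login.faces "
            "due to invalid referer:{}. More information is available at "
            "http://www.adobe.com/go/learn_dep_hardening_10")
SAMPLE_LOG = [
    TEMPLATE.format("https://XXXXbdc.YYYY.com:8443/adminui/login.faces"),  # from the question
    TEMPLATE.format("https://XXXXbdc.YYYY.com:8443/adminui/login.faces"),  # constructed repeat
    TEMPLATE.format("https://forms-dr.example.test/adminui/login.faces"),  # constructed host
    "21:22:39,007 INFO [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-2) JBWEB003075: Coyote HTTP/1.1 pausing on: http-/0.0.0.0:8443",
]

if __name__ == "__main__":
    print(allow_list_candidates(SAMPLE_LOG))
```

A host that appears here but is not one you operate is a blocked cross-site request, not an allow-list candidate.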