SOLVED

Unable to go past the login page of JEE Server Admin UI AEM 6.2

manu-gupta
Level 3

Hi folks

I have an AEM 6.2 JEE server which is identified as a backup server. Recently, as a DR activity, we tried enabling the server, but I cannot go past the login screen, and upon checking the logs, it shows

21:20:29,503 WARNING [com.adobe.idp.um.auth.filter.CSRFFilter] (http-/0.0.0.0:8443-3) Blocked request for resource:/adminui/login.faces due to invalid referer:https://XXXXbdc.YYYY.com:8443/adminui/login.faces. More information is available at http://www.adobe.com/go/learn_dep_hardening_10 
{"outcome" => "success"} 
Press any key to continue . . . 21:22:39,007 INFO [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-2) JBWEB003075: Coyote HTTP/1.1 pausing on: http-/0.0.0.0:8443

 

Is it to do with whitelisting the referer in Admin UI? If so, how can I verify, as I cannot see the post-login pages? I cannot find any entries in lc_turnkey.xml as well.

1 Accepted Solution
Kosta_Prokopiu1
Correct answer by
Employee

Yes, this is a referer issue. The easiest way is to log on locally on the server (browser with localhost:pppp/adminui) and set the referers as indicated in the log message.


8 Replies
Mayank_Gandhi
Community Advisor

@manu-gupta Make sure the host and port are whitelisted at the below UI in adminui.

Home > Settings > User Management > Configuration > Allowed Referer Settings
manu-gupta
Level 3
Since it is a backup server in an active-passive architecture, I cannot bring it up just for testing. Is there a way I can check the settings in any config file while the service is down?
Mayank_Gandhi
Community Advisor
@manu-gupta If you want to disable CSRF completely, include the -Dlc.um.csrffilter.disabled=true JAVA argument in the startup script and restart the server.
Kosta_Prokopiu1
Employee
As @Mayank_Gandhi says, you cannot see this in a file because these are settings in the database (also due to security reasons) and before you ask - no, I don't know where engineering has placed those. You must have that server up and running to make that change in the adminui. I take it those servers have independent databases? Your best option is to add the below mentioned option to the start file of your application server (or set the JVM options in WebSphere with the applications stopped).
Kosta_Prokopiu1
Employee
BTW: With AEM Forms 6.2 you are already in the extended support phase which ends 04/2021. You should consider upgrading/migrating to a newer version (currently 6.5). https://helpx.adobe.com/support/programs/eol-matrix.html
manu-gupta
Level 3
Thanks, we had to bring the active server down, then enabled the backup server and made the Allowed Referer Settings after accessing localhost.
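
The accepted answer says to set the referers "as indicated in the log message". As an added example (not part of the original thread and not Adobe's code), this script reads CSRFFilter warnings and tallies the scheme, host and port of each blocked referer. The log lines, host name and IP address are constructed, and the regex assumes the warning format quoted in the question.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumes the CSRFFilter warning format quoted in the question above.
BLOCKED = re.compile(
    r"\[com\.adobe\.idp\.um\.auth\.filter\.CSRFFilter\].*?"
    r"Blocked request for resource:\S+ due to invalid referer:"
    r"(?P<referer>.*?)(?:\. More information|$)"
)
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample log: hypothetical host name and a documentation-range IP.
SAMPLE_LOG = """\
21:20:29,503 WARNING [com.adobe.idp.um.auth.filter.CSRFFilter] (http-/0.0.0.0:8443-3) Blocked request for resource:/adminui/login.faces due to invalid referer:https://forms-dr.example.com:8443/adminui/login.faces. More information is available at http://www.adobe.com/go/learn_dep_hardening_10
21:20:41,118 WARNING [com.adobe.idp.um.auth.filter.CSRFFilter] (http-/0.0.0.0:8443-5) Blocked request for resource:/adminui/login.faces due to invalid referer:https://forms-dr.example.com:8443/adminui/login.faces. More information is available at http://www.adobe.com/go/learn_dep_hardening_10
21:21:02,640 WARNING [com.adobe.idp.um.auth.filter.CSRFFilter] (http-/0.0.0.0:8443-2) Blocked request for resource:/adminui/login.faces due to invalid referer:https://192.0.2.15/adminui/login.faces. More information is available at http://www.adobe.com/go/learn_dep_hardening_10
21:22:39,007 INFO [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-2) JBWEB003075: Coyote HTTP/1.1 pausing on: http-/0.0.0.0:8443
""".splitlines()


def blocked_referers(lines):
    """Count blocked referers by (scheme, host, port) across server log lines."""
    seen = Counter()
    for line in lines:
        match = BLOCKED.search(line)
        if not match:
            continue  # not a CSRFFilter block, e.g. the Coyote INFO line
        referer = match.group("referer").strip()
        try:
            url = urlsplit(referer)
            host, port = url.hostname, url.port
        except ValueError:  # malformed port or bracketed host
            host, port = None, None
        if not host:
            seen[("unparsed", referer, None)] += 1  # keep for manual review
            continue
        # No explicit port in the referer: fall back to the scheme default.
        seen[(url.scheme, host, port or DEFAULT_PORTS.get(url.scheme))] += 1
    return seen


if __name__ == "__main__":
    for (scheme, host, port), hits in blocked_referers(SAMPLE_LOG).most_common():
        print(f"{hits:3d}  {scheme}  {host}  {port}")
```

Review each host before adding it under Allowed Referer Settings: an entry you do not recognise is the filter rejecting a cross-site request, not a misconfiguration.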