Adobe Experience Manager Forms

rajatkumar · 6/22/22

I'm running AEM Forms 6.5 JEE for WebSphere with the latest Service packs and hotfixes.
Everything works properly, except that I'm unable to login to AEM start (http://localhost:8080/lc/) with admin credentials when Global security is turned on. I have also installed the aem-websphere-globalsec-config-pkg-1.0.0.zip package.
Whenever I try logging in the AEM start (http://localhost:8080/lc/) , the following error is thrown :-

Error 500: java.lang.IllegalArgumentException: Location cannot be null in javax.servlet.http.HttpServletResponse.sendRedirect(location)

The following Error is reflected in logs when I try to login in AEM start :

After turning off Global Security the login with admin credential works fine.

Is there any configuration I am missing on WebSphere or in AEM ConfigMgr ?

Note, that AEM start login is working with other users like administrator/or any custom user but the web console is forbidden with 403 error.

Thank You in advance.

Pulkit_Jain_ · 6/22/22

@rajatkumar

Thanks for confirming! Next, do check the below checkpoints if these are modified with the content patch or not. Looking closely at the package name shared, I see that package AEM-FORMS-6.5-WEBSPHERE-GLOBALSEC-CONFIG should be installed for AEM Forms 6.5 JEE so you can recheck. Also, you need to disable Global Security on the WebSphere Application server before applying this patch and re-enable it later.

1. Does "Adobe Granite Token Authentication Handler" bundle in configMgr page shows blank for "Alternate Authentication Url" field? If yes, provide j_sling_security_check there

2. Does "Apache Sling Authentication Service" in configMgr page shows as /j_security_check for "Authentication URI Suffices". If yes, change the URL to /j_sling_security_check

If these settings are updated, you can log a support ticket for further investigation.

View solution in original post

Pulkit_Jain_ · 6/22/22

@rajatkumar

Could you check for the below configuration on this set-up and ensure that CSIv2 inbound/outbound transport option to SSL-Supported. On the default Global Security enabled installation of IBM WebSphere, CSIv2 inbound transport option is usually set to SSL-required. To change the option:

1) Log in to IBM WebSphere administration console.

2) Expand Security, and then click Global security.

3) In the Authentication section, expand RMI/IIOP security, and then click CSIv2 inbound communications (and then for CSIv2 outbound communications.)

4) In CSIv2 Transport Layer section, set value of Transport to SSL-Supported.

5) Click Apply and restart the server.

rajatkumar · 6/22/22

@Pulkit_Jain_
Hi Pulkit, Hope you are doing good!!
Yes, I have both the CSIv2 inbound/Outbound set to SSL-Supported for output and forms functionality to work. And with this set to SSL-Supported my print and email functionality is working fine but not the AEM start login.
Any other config I'm missing??

Pulkit_Jain_ · 6/22/22

@rajatkumar

Thanks for confirming! Next, do check the below checkpoints if these are modified with the content patch or not. Looking closely at the package name shared, I see that package AEM-FORMS-6.5-WEBSPHERE-GLOBALSEC-CONFIG should be installed for AEM Forms 6.5 JEE so you can recheck. Also, you need to disable Global Security on the WebSphere Application server before applying this patch and re-enable it later.

1. Does "Adobe Granite Token Authentication Handler" bundle in configMgr page shows blank for "Alternate Authentication Url" field? If yes, provide j_sling_security_check there

2. Does "Apache Sling Authentication Service" in configMgr page shows as /j_security_check for "Authentication URI Suffices". If yes, change the URL to /j_sling_security_check

If these settings are updated, you can log a support ticket for further investigation.

Kosta_Prokopiu1 · 6/23/22

Hi @rajatkumar ,

the steps Pulkit showed you are very important.

See https://helpx.adobe.com/content/dam/help/en/experience-manager/6-5/forms/pdf/upgrade-websphere.pdf Chapter 6 PDF page 55 section

"Enable WebSphere Global Administrative Security on author and publish instances"

There is another step that you have to do:

4) Log in to CRX DE Lite as an administrator. The default URL is
http://[server]:[port]/lc/crx/de/index.jsp.
5) Open the /libs/Livecycle/core/content/login/login.js file for editing
6) Search the term j_security_check and replace it with j_sling_security_check and
click Save All.
7) Log out of CRX DE Lite.

Please read the upgrade manual!

Kosta

rajatkumar · 6/28/22

@Pulkit_Jain_
Hi Pulkit, Apologies for the delay in acknowledgement.
After applying both of these settings, I was able to login with admin credentials.
But it would be really helpful if you could provide some description about this bug.
And why only it comes into play when we enable Global security on WAS.

Pulkit_Jain_ · 6/28/22

@rajatkumar

When you enable global security on the WebSphere Application Server, it throws a ‘j_security_check’ exception on login to /lc. Therefore, it is recommended to install the following package on the WebSphere Application Server if global security is enabled.

It's not actually a bug but a known issue with WAS (Global Security).

Also, the two steps shared above are already part of the package in the form of configs so I assume the package (or the correct package) was not applied.

More information here[0].

[0] - https://helpx.adobe.com/content/dam/help/en/experience-manager/6-5/forms/pdf/install-single-server-w...

Mayank_Gandhi · 6/23/22

@rajatkumar You need to disable the global security and enable the steps as highlighted in the docs and also in the AEM forms docs. Post which you can enable it again.