Expand my Community achievements bar.

403 Authentication failed Message in AEM

Avatar

Level 6

Hi,

In AEM, after session time, we may get error message " Authentication Failed"

Can someone please let me know, from where this message is coming and is it possible to change the message.

 

akhilraj_1-1679571204038.png

 

akhilraj_2-1679571218010.png

 

7 Replies

Avatar

Community Advisor

@akhilraj  - Can you attach the error logs when the error message is coming up ?

 

If you are trying to use a servlet via POST, try the below -

1. http://localhost:4502/system/console/configMgr

2. Search for 'Apache Sling Referrer Filter'

3. Remove POST method from the filter. Then you can call your POST method anywhere.

4. Select “Allow Empty”

 

You can also refer to the Dispatcher logs to check if any CSRF token was missing in the client headers for the POST request servlet.

https://webfuse.in/blogs/aem-upgrade-issues-403-error-when-accessing-aem-6-3-author-via-public-ip/

 

You can also refer the below URLs -

https://rashidjorvee.blogspot.com/2020/01/unable-to-access-aem-login-page.html

 

Avatar

Level 6

Actually, our site is working  with Azure SAML authentication.

And we have a global navigation menu, in that we have home page link and logo which will redirect to same homepage.

 

When user click on home page link from navigation or click on logo  once session is expired(without reloading the page), we are getting "Authentication  Error" message, and there will not be any other APIs, In network tab also we can see page link is 403.

 

But after session time out, if the user is refreshing or reloading the page, we have SAML APIs triggering from site and new session will be established and not seeing this error.

 

Avatar

Level 6

Hi @Rohan_Garg :

I have updated the token expiry to 24 hours.

But after 24 hours of idle time, and user access same page, "Authentication Failed" error is coming.

Or if we remove login-token from cookie and access same page, still the issue is coming and page is showing 403.

Do we have any configuration to show in AEM once session is timed out?

 

Avatar

Level 6

Sling implements a specific logic to return “Authentication Failed” when a user with invalid session request a page and Referrer Header has the same url as the page the user is visiting.

This functionality is required to avoid login loops.


That is why we are facing the issue when hitting the link of the current page.

Referrer header is sent by default when the user click on any link.

 

This behaviour can be modified by the attribute rel="noreferrer” in the HTML anchor tag.

Post this change, we are not getting the error message and it is working fine

Avatar

Level 6

Sling implements a specific logic to return “Authentication Failed” when a user with invalid session request a page and Referrer Header has the same url as the page the user is visiting.

This functionality is required to avoid login loops.


That is why we are facing the issue when hitting the link of the current page.

Referrer header is sent by default when the user click on any link.

 

This behaviour can be modified by the attribute rel="noreferrer” in the HTML anchor tag.

Post this change, we are not getting the error message and it is working fine