403 Authentication failed Message in AEM

Level 6

Hi,

In AEM, after the session time, we may get the error message "Authentication Failed".

Can someone please let me know where this message is coming from and whether it is possible to change the message?

7 Replies

Community Advisor

@akhilraj - Can you attach the error logs when the error message is coming up?

If you are trying to use a servlet via POST, try the below -

1. http://localhost:4502/system/console/configMgr

2. Search for 'Apache Sling Referrer Filter'

3. Remove POST method from the filter. Then you can call your POST method anywhere.

4. Select “Allow Empty”

 

You can also refer to the Dispatcher logs to check if any CSRF token was missing in the client headers for the POST request servlet.

https://webfuse.in/blogs/aem-upgrade-issues-403-error-when-accessing-aem-6-3-author-via-public-ip/

You can also refer to the below URLs -

https://rashidjorvee.blogspot.com/2020/01/unable-to-access-aem-login-page.html

Level 6

Actually, our site is working with Azure SAML authentication.

We have a global navigation menu, and in it we have a home page link and a logo, which redirect to the same homepage.

When the user clicks on the home page link in the navigation or clicks on the logo once the session has expired (without reloading the page), we get the "Authentication Error" message, and there will not be any other APIs. In the network tab we can also see that the page link is 403.

But after the session times out, if the user refreshes or reloads the page, the SAML APIs are triggered from the site, a new session is established, and we do not see this error.

Level 6

Hi @Rohan_Garg :

I have updated the token expiry to 24 hours.

But after 24 hours of idle time, when the user accesses the same page, the "Authentication Failed" error comes up.

Or if we remove the login-token from the cookie and access the same page, the issue still comes up and the page shows 403.

Do we have any configuration to show in AEM once the session is timed out?

Level 6

Sling implements specific logic to return “Authentication Failed” when a user with an invalid session requests a page and the Referrer header has the same URL as the page the user is visiting.

This functionality is required to avoid login loops.

That is why we are facing the issue when hitting the link of the current page.

The Referrer header is sent by default when the user clicks on any link.

This behaviour can be modified by the attribute rel="noreferrer" in the HTML anchor tag.

Post this change, we are not getting the error message and it is working fine
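
One way to apply the rel="noreferrer" change described in the post above to every link that points back at the page it sits on, as an added example that is not part of the original thread. The function names are assumptions chosen for illustration.

```javascript
// Added example (not from the thread): give rel="noreferrer" to links that
// point back at the page they are on, so no Referrer header is sent for them.
// Function names are illustrative assumptions.

// True when following `href` from `pageUrl` makes the browser request the
// same URL again (the case described in the post above).
function isSelfLink(href, pageUrl) {
  let target, page;
  try {
    target = new URL(href, pageUrl); // resolves relative hrefs
    page = new URL(pageUrl);
  } catch (e) {
    return false; // unparsable href
  }
  // A target with a fragment is another page or an in-page jump (no request).
  if (target.href.includes("#")) return false;
  page.hash = "";
  return target.href === page.href;
}

// Add the noreferrer token to a rel value, keeping tokens already present.
function withNoReferrer(rel) {
  const tokens = (rel || "").split(/\s+/).filter(Boolean);
  if (!tokens.some((t) => t.toLowerCase() === "noreferrer")) tokens.push("noreferrer");
  return tokens.join(" ");
}

// Patch every self-link in `anchors` (DOM <a> elements); returns how many changed.
function hardenSelfLinks(anchors, pageUrl) {
  let changed = 0;
  for (const a of anchors) {
    const href = a.getAttribute("href");
    if (href === null || !isSelfLink(href, pageUrl)) continue;
    const before = a.getAttribute("rel") || "";
    const after = withNoReferrer(before);
    if (after !== before) {
      a.setAttribute("rel", after);
      changed++;
    }
  }
  return changed;
}

// In a browser, patch the rendered page; skipped when no DOM is present.
if (typeof document !== "undefined") {
  hardenSelfLinks(document.querySelectorAll("a[href]"), location.href);
}
```

The same attribute can also be written directly into the navigation markup, which covers clients that do not run the script.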
