Adobe Experience Manager Sites & More

Anas_R · 11/23/23

I am trying to create a shell script to create packages using package manager dev environment and then upload and install it in prod AEM environment. I believe there is no CLI setup for doing this. So I used curl commands for this. But for any URLs in my instance I am getting authentication error. I am using the same user name and password which I am using to login my AEM console successfully.

Here is the command I tried;

curl -u username:password -v -X GET https://author-xxx-xxx.adobeaemcloud.com

I got this error message;

 HTTP/2 401 
* Authentication problem. Ignoring this.
< www-authenticate: Basic realm="Sling (Development)"
< accept-ranges: bytes
< date: Thu, 23 Nov 2023 11:45:48 GMT
< strict-transport-security: max-age=31557600
< set-cookie: affinity="2c3e5d849338efa7"; Path=/; HttpOnly
< x-served-by: cache-fra-etou8220060-FRA
< x-cache: MISS
< x-timer: S1700739948.110992,VS0,VS0,VE373

Please give me some assistance to proceed.

EstebanBustamante · 11/23/23

Hi

The issue lies in the fact that the CURL command you are employing utilizes "basic" method of authorization to authenticate with AEM. Instead, you should use a Bearer Token for authentication with AEM. Please refer to this article for a detailed explanation of the correct approach: https://www.linkedin.com/pulse/using-curl-aem-cloud-prince-shivhare/

The command should commence with something similar to the following:

curl -H "Authorization: Bearer <your_ims_access_token>"

Esteban Bustamante

View solution in original post

EstebanBustamante · 11/23/23

Hi

The issue lies in the fact that the CURL command you are employing utilizes "basic" method of authorization to authenticate with AEM. Instead, you should use a Bearer Token for authentication with AEM. Please refer to this article for a detailed explanation of the correct approach: https://www.linkedin.com/pulse/using-curl-aem-cloud-prince-shivhare/

The command should commence with something similar to the following:

curl -H "Authorization: Bearer <your_ims_access_token>"

Esteban Bustamante

Anas_R · 12/4/23

@EstebanBustamante I tried to generate access token as mentioned in the documentation got from the link. In the 'Integrations' tab, there was only 2 options, 'Create New Technical Account'/ 'Get Local Development Token'. I selected the first one and I got a json response with privateKey, publicKey, clientId, clientSecret, etc.
I didn't get a token from that? What's wrong in I am doing?

EstebanBustamante · 12/4/23

Correct, you need to generate the token from these files that you downloaded from the Developer Console. Please follow this tutorial: https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/implementing/develo..., especially the section "Generate JWT Token and exchange it for Access token". The article also highlight how to further use the token.

Esteban Bustamante

partyush · 11/23/23

Hi @Anas_R

The 401 Unauthorized error suggests an authentication issue. To resolve it, follow these steps:

Double-Check Credentials: Ensure that the username and password in your curl command are correct and match the credentials required for the "Sling (Development)" realm.
Re-Encode Credentials: Verify that the credentials are correctly base64-encoded. Use this command:

echo -n 'username:password' | base64
Update Curl Command: Replace the credentials in your curl command with the encoded version:
curl -u base64_encoded_credentials -v -X GET https://author-xxx-xxx.adobeaemcloud.com
Check Session or Token Expiry: Confirm that your AEM session or authentication token is still valid. If it has expired, reauthenticate to obtain a fresh token.
Verify Realm Configuration: Ensure that your AEM instance is configured to use the "Sling (Development)" realm for authentication. Check the AEM configuration to confirm.
Debug with Verbose Output: Use the -v option with curl for detailed output:

curl -u base64_encoded_credentials -v -X GET https://author-xxx-xxx.adobeaemcloud.com
Examine the output for any specific error messages or clues about the authentication failure.
Consult AEM Documentation: Refer to the AEM documentation for any specific authentication requirements or configurations related to the "Sling (Development)" realm.
Network and Firewall: Ensure there are no network issues or firewall restrictions preventing the curl command from reaching the AEM server.

By systematically addressing these steps, you should be able to pinpoint and resolve the 401 Unauthorized issue in your curl command.

Thanks

markus_bulla_adobe · 11/24/23

Hi @Anas_R!

Depending on the use case, there are different ways to approach this.

As @EstebanBustamante correctly outlined, the general and recommended way to access AEM Cloud Services from a service (or script in your case) is to leverage bearer token authentication.

Apart form the good article that Esteban has linked, you might want to check the following documentations:

This is the recommended way to handle authentication when services / scripts need to interact with AEM CS.

That being said, there is also an option to leverage "classic" basic authentication.

You might have noticed the "Sign locally (admin tasks only)" option on the login screen of AEM CS. This can be used to sign in with a local user that has been created within AEM - and not via the regular way through Adobe IMS or your company's IDP via SSO. That means, you can create a local user in AEM (with a password), assign the required permissions and provide it to your scripts via basic authentication.

The really good advices from @partyush apply to this approach on top of my explanations.

Hope this helps!

Adobe Experience Manager Sites & More

Accessing AEM instances using CMD

Esteban Bustamante

Esteban Bustamante

Esteban Bustamante

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe