Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
SOLVED

Accessing AEM instances using CMD

Avatar

Level 2

I am trying to create a shell script to create packages using package manager dev environment and then upload and install it in prod AEM environment. I believe there is no CLI setup for doing this. So I used curl commands for this. But for any URLs in my instance I am getting authentication error. I am using the same user name and password which I am using to login my AEM console successfully. 

Here is the command I tried;

 

curl -u username:password -v -X GET https://author-xxx-xxx.adobeaemcloud.com

 

I got this error message;

 

 HTTP/2 401 
* Authentication problem. Ignoring this.
< www-authenticate: Basic realm="Sling (Development)"
< accept-ranges: bytes
< date: Thu, 23 Nov 2023 11:45:48 GMT
< strict-transport-security: max-age=31557600
< set-cookie: affinity="2c3e5d849338efa7"; Path=/; HttpOnly
< x-served-by: cache-fra-etou8220060-FRA
< x-cache: MISS
< x-timer: S1700739948.110992,VS0,VS0,VE373

 

Please give me some assistance to proceed. 

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi

 

The issue lies in the fact that the CURL command you are employing utilizes "basic" method of authorization to authenticate with AEM. Instead, you should use a Bearer Token for authentication with AEM. Please refer to this article for a detailed explanation of the correct approach: https://www.linkedin.com/pulse/using-curl-aem-cloud-prince-shivhare/

 

The command should commence with something similar to the following:

curl -H "Authorization: Bearer <your_ims_access_token>"

 



Esteban Bustamante

View solution in original post

5 Replies

Avatar

Correct answer by
Community Advisor

Hi

 

The issue lies in the fact that the CURL command you are employing utilizes "basic" method of authorization to authenticate with AEM. Instead, you should use a Bearer Token for authentication with AEM. Please refer to this article for a detailed explanation of the correct approach: https://www.linkedin.com/pulse/using-curl-aem-cloud-prince-shivhare/

 

The command should commence with something similar to the following:

curl -H "Authorization: Bearer <your_ims_access_token>"

 



Esteban Bustamante

Avatar

Level 2

@EstebanBustamante I tried to generate access token as mentioned in the documentation got from the link. In the 'Integrations' tab, there was only 2 options, 'Create New Technical Account'/ 'Get Local Development Token'. I selected the first one  and I got a json response with privateKey, publicKey, clientId, clientSecret, etc. 
I didn't get a token from that? What's wrong in I am doing?

Avatar

Community Advisor

Correct, you need to generate the token from these files that you downloaded from the Developer Console. Please follow this tutorial: https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/implementing/develo..., especially the section "Generate JWT Token and exchange it for Access token". The article also highlight how to further use the token.



Esteban Bustamante

Avatar

Community Advisor

Hi @Anas_R 

 

The 401 Unauthorized error suggests an authentication issue. To resolve it, follow these steps:

  1. Double-Check Credentials: Ensure that the username and password in your curl command are correct and match the credentials required for the "Sling (Development)" realm.

  2. Re-Encode Credentials: Verify that the credentials are correctly base64-encoded. Use this command:

 

  • echo -n 'username:password' | base64
  • Update Curl Command: Replace the credentials in your curl command with the encoded version:

  • curl -u base64_encoded_credentials -v -X GET https://author-xxx-xxx.adobeaemcloud.com
  • Check Session or Token Expiry: Confirm that your AEM session or authentication token is still valid. If it has expired, reauthenticate to obtain a fresh token.

  • Verify Realm Configuration: Ensure that your AEM instance is configured to use the "Sling (Development)" realm for authentication. Check the AEM configuration to confirm.

  • Debug with Verbose Output: Use the -v option with curl for detailed output:

 

  1. curl -u base64_encoded_credentials -v -X GET https://author-xxx-xxx.adobeaemcloud.com

    Examine the output for any specific error messages or clues about the authentication failure.

  2. Consult AEM Documentation: Refer to the AEM documentation for any specific authentication requirements or configurations related to the "Sling (Development)" realm.

  3. Network and Firewall: Ensure there are no network issues or firewall restrictions preventing the curl command from reaching the AEM server.

By systematically addressing these steps, you should be able to pinpoint and resolve the 401 Unauthorized issue in your curl command.

 

 

Thanks 

Avatar

Employee Advisor

Hi @Anas_R!

Depending on the use case, there are different ways to approach this.

As @EstebanBustamante correctly outlined, the general and recommended way to access AEM Cloud Services from a service (or script in your case) is to leverage bearer token authentication.

Apart form the good article that Esteban has linked, you might want to check the following documentations:

This is the recommended way to handle authentication when services / scripts need to interact with AEM CS.

 

That being said, there is also an option to leverage "classic" basic authentication.

You might have noticed the "Sign locally (admin tasks only)" option on the login screen of AEM CS. This can be used to sign in with a local user that has been created within AEM - and not via the regular way through Adobe IMS or your company's IDP via SSO. That means, you can create a local user in AEM (with a password), assign the required permissions and provide it to your scripts via basic authentication.

The really good advices from @partyush apply to this approach on top of my explanations.

 

Hope this helps!