Submissions are now open for the 2026 Adobe Experience Maker Awards.
해결됨
AEM Cloud Service Sites: Intermittent 403 in Auth Checker Servlet in Production
Dear Members,
We are experiencing an intermittent issue with our production publisher. We have enabled Closed User Group (CUG) and authentication for certain form pages. When a restricted page is accessed, the user is redirected to the SSO login page. After logging in, the SAML login call is successful, and the user is redirected to the requested page. However, in the Auth Checker servlet, we occasionally observe that the request session has read access, while at other times it has no access. In case of 403, user is shown 404 even if user has access to the particular resource.
Does anyone have any insights into why this is happening?
I am attaching the access log, where it can be observed that the requests are going to the same publish POD. However, the response codes vary, with some being 200 and others being 403.
1 채택된 해결책 개
정확한 답변 작성자:
Hi @KartikKarnayilDC
Are76b5d9999b-xlh5r and 76b5d9999b-88hcf are the same publish instances? Can you check the user profile what do you get in terms of SAML groups?
Arun Patidar
Hi @KartikKarnayilDC
Can you check the login-token cookie from the request object in your servlet?
Please check for both 403 and 200 responses and compare.
If there is a AEM session cookie then it must be working.
what if you skip, dispatcher, is it working all the time?
Arun Patidar
Hi @KartikKarnayilDC
If login-token is present and valid then you should be able to authenticated. The only thing I can suspect is multistep publisher with sticky session.
Arun Patidar
정확한 답변 작성자:
Hi @KartikKarnayilDC
Are76b5d9999b-xlh5r and 76b5d9999b-88hcf are the same publish instances? Can you check the user profile what do you get in terms of SAML groups?
Arun Patidar
The logs are blurry. Unable to read.
1. Please assure the secured content is not cached on CDN (covered in Steps 5-7 on blog)
2. Enable DEBUG logs, it will help you understand if caching and auth checker are working as expected.
Aanchal Sikka
Hi @KartikKarnayilDC ,
This issue could be caused by a number of factors, including caching issues, incorrect configuration of the Auth Checker servlet, or issues with the SSO login process. Here are a few steps you can take to troubleshoot the issue:
1. Check the configuration of the Auth Checker servlet to ensure that it is correctly configured to check for the appropriate permissions. You may want to review the documentation for the Auth Checker servlet to ensure that it is set up correctly.
2. Check the caching settings for the pages that are experiencing the issue. If the pages are being cached, it is possible that the cached version of the page is being served to users who do not have access, resulting in a 403 error. You may want to adjust the caching settings to ensure that the pages are not being cached for too long.
3. Check the SSO login process to ensure that it is functioning correctly. If there are issues with the SSO login process, it is possible that users are not being authenticated correctly, resulting in a 403 error.
4. Review the access logs to see if there are any patterns or trends that could help identify the root cause of the issue. You may want to look for any patterns in the times of day when the issue occurs, or any patterns in the types of requests that are resulting in a 403 error.
If none of these steps resolve the issue, you may want to consider reaching out to Adobe Support for further assistance.
Hrishikesh Kagane
@KartikKarnayilDC Did you find the suggestions from users helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!
Kautuk Sahni
관련 대화
