Expand my Community achievements bar.

SOLVED

AEM Custom Authentication Handler Issue

Avatar

Level 5

Hi Experts,

  I am working on implementing custom authentication handler for AEM 6.4 with MFA - OTP Code. Author submits the username and password and if valid then redirected to a otp page to capture the OTP code shared via email.

  Problem is once user submits the otp code, an error comes up "http://localhost:4502/j_security_check Access to localhost is denied" with error code as 403.

 

Jai1122_0-1610689119987.png

And log entry as org.apache.sling.auth.core.impl.SlingAuthenticator handleSecurity: AuthenticationHandler did not block request; access denied.

 

Nevertheless user is logged in successfully and can access the pages. I checked this sample MFA implementation with Google Auth and a similar community discussion, but could not find any pointers why 403 comes up.

 

If anyone has faced similar issues or have pointers for me to check, kindly share.

 

Regards,

Jayapal.S

 

 

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi @Jai1122,

Can you create new logger entry for org.apache.sling.auth.core.impl.SlingAuthenticator with "Debug" mode in http://localhost:4502/system/console/slinglog

Try the flow again and post the logs here. In particular log statements that start with "doHandleSecurity: ..."

Also, please elaborate your point - "Author submits the username and password and if valid then redirected to a otp page to capture the OTP.." 

View solution in original post

1 Reply

Avatar

Correct answer by
Community Advisor

Hi @Jai1122,

Can you create new logger entry for org.apache.sling.auth.core.impl.SlingAuthenticator with "Debug" mode in http://localhost:4502/system/console/slinglog

Try the flow again and post the logs here. In particular log statements that start with "doHandleSecurity: ..."

Also, please elaborate your point - "Author submits the username and password and if valid then redirected to a otp page to capture the OTP.."