AEM Custom Authentication Handler Issue

Jai1122
Level 3

14-01-2021

Hi Experts,

I am working on implementing a custom authentication handler for AEM 6.4 with MFA - OTP code. The author submits the username and password and, if valid, is then redirected to an OTP page to capture the OTP code shared via email.

The problem is that once the user submits the OTP code, an error comes up "http://localhost:4502/j_security_check Access to localhost is denied" with error code 403.

And the log entry is: org.apache.sling.auth.core.impl.SlingAuthenticator handleSecurity: AuthenticationHandler did not block request; access denied.

Nevertheless, the user is logged in successfully and can access the pages. I checked this sample MFA implementation with Google Auth and a similar community discussion, but could not find any pointers as to why the 403 comes up.

If anyone has faced similar issues or has pointers for me to check, kindly share.

Regards,

Jayapal.S

Accepted Solutions (1)

Vijayalakshmi_S
MVP

19-01-2021

Hi @Jai1122,

Can you create a new logger entry for org.apache.sling.auth.core.impl.SlingAuthenticator in "Debug" mode at http://localhost:4502/system/console/slinglog?

Try the flow again and post the logs here, in particular the log statements that start with "doHandleSecurity: ..."

Also, please elaborate on your point - "Author submits the username and password and if valid then redirected to a otp page to capture the OTP.."

Answers (0)