AEM Custom Authentication Handler Issue

Avatar

Avatar

Jai1122

Avatar

Jai1122

Jai1122

14-01-2021

Hi Experts,

  I am working on implementing custom authentication handler for AEM 6.4 with MFA - OTP Code. Author submits the username and password and if valid then redirected to a otp page to capture the OTP code shared via email.

  Problem is once user submits the otp code, an error comes up "http://localhost:4502/j_security_check Access to localhost is denied" with error code as 403.

 

Jai1122_0-1610689119987.png

And log entry as org.apache.sling.auth.core.impl.SlingAuthenticator handleSecurity: AuthenticationHandler did not block request; access denied.

 

Nevertheless user is logged in successfully and can access the pages. I checked this sample MFA implementation with Google Auth and a similar community discussion, but could not find any pointers why 403 comes up.

 

If anyone has faced similar issues or have pointers for me to check, kindly share.

 

Regards,

Jayapal.S

 

 

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar

Vijayalakshmi_S

MVP

Avatar

Vijayalakshmi_S

MVP

Vijayalakshmi_S
MVP

19-01-2021

Hi @Jai1122,

Can you create new logger entry for org.apache.sling.auth.core.impl.SlingAuthenticator with "Debug" mode in http://localhost:4502/system/console/slinglog

Try the flow again and post the logs here. In particular log statements that start with "doHandleSecurity: ..."

Also, please elaborate your point - "Author submits the username and password and if valid then redirected to a otp page to capture the OTP.." 

Answers (0)