Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

AEM Custom Authentication Handler Issue

Jai1122
Level 5
Level 5

Hi Experts,

  I am working on implementing custom authentication handler for AEM 6.4 with MFA - OTP Code. Author submits the username and password and if valid then redirected to a otp page to capture the OTP code shared via email.

  Problem is once user submits the otp code, an error comes up "http://localhost:4502/j_security_check Access to localhost is denied" with error code as 403.

 

Jai1122_0-1610689119987.png

And log entry as org.apache.sling.auth.core.impl.SlingAuthenticator handleSecurity: AuthenticationHandler did not block request; access denied.

 

Nevertheless user is logged in successfully and can access the pages. I checked this sample MFA implementation with Google Auth and a similar community discussion, but could not find any pointers why 403 comes up.

 

If anyone has faced similar issues or have pointers for me to check, kindly share.

 

Regards,

Jayapal.S

 

 

1 Accepted Solution
Vijayalakshmi_S
Correct answer by
Community Advisor
Community Advisor

Hi @Jai1122,

Can you create new logger entry for org.apache.sling.auth.core.impl.SlingAuthenticator with "Debug" mode in http://localhost:4502/system/console/slinglog

Try the flow again and post the logs here. In particular log statements that start with "doHandleSecurity: ..."

Also, please elaborate your point - "Author submits the username and password and if valid then redirected to a otp page to capture the OTP.." 

View solution in original post

1 Reply
Vijayalakshmi_S
Correct answer by
Community Advisor
Community Advisor

Hi @Jai1122,

Can you create new logger entry for org.apache.sling.auth.core.impl.SlingAuthenticator with "Debug" mode in http://localhost:4502/system/console/slinglog

Try the flow again and post the logs here. In particular log statements that start with "doHandleSecurity: ..."

Also, please elaborate your point - "Author submits the username and password and if valid then redirected to a otp page to capture the OTP.." 

View solution in original post