Adobe Experience Manager Sites & More

Jai1122 · 1/14/21

Hi Experts,

I am working on implementing custom authentication handler for AEM 6.4 with MFA - OTP Code. Author submits the username and password and if valid then redirected to a otp page to capture the OTP code shared via email.

Problem is once user submits the otp code, an error comes up "http://localhost:4502/j_security_check Access to localhost is denied" with error code as 403.

And log entry as org.apache.sling.auth.core.impl.SlingAuthenticator handleSecurity: AuthenticationHandler did not block request; access denied.

Nevertheless user is logged in successfully and can access the pages. I checked this sample MFA implementation with Google Auth and a similar community discussion, but could not find any pointers why 403 comes up.

If anyone has faced similar issues or have pointers for me to check, kindly share.

Regards,

Jayapal.S

Vijayalakshmi_S · 1/19/21

Hi @Jai1122,

Can you create new logger entry for org.apache.sling.auth.core.impl.SlingAuthenticator with "Debug" mode in http://localhost:4502/system/console/slinglog

Try the flow again and post the logs here. In particular log statements that start with "doHandleSecurity: ..."

Also, please elaborate your point - "Author submits the username and password and if valid then redirected to a otp page to capture the OTP.."

View solution in original post

Vijayalakshmi_S · 1/19/21

Hi @Jai1122,

Can you create new logger entry for org.apache.sling.auth.core.impl.SlingAuthenticator with "Debug" mode in http://localhost:4502/system/console/slinglog

Try the flow again and post the logs here. In particular log statements that start with "doHandleSecurity: ..."

Also, please elaborate your point - "Author submits the username and password and if valid then redirected to a otp page to capture the OTP.."