Hi Experts,
I am working on implementing custom authentication handler for AEM 6.4 with MFA - OTP Code. Author submits the username and password and if valid then redirected to a otp page to capture the OTP code shared via email.
Problem is once user submits the otp code, an error comes up "http://localhost:4502/j_security_check Access to localhost is denied" with error code as 403.
![Jai1122_0-1610689119987.png Jai1122_0-1610689119987.png](https://experienceleaguecommunities.adobe.com/t5/image/serverpage/image-id/29213i08D6412B4C67CF4D/image-size/medium/is-moderation-mode/true?v=v2&px=400)
And log entry as org.apache.sling.auth.core.impl.SlingAuthenticator handleSecurity: AuthenticationHandler did not block request; access denied.
Nevertheless user is logged in successfully and can access the pages. I checked this sample MFA implementation with Google Auth and a similar community discussion, but could not find any pointers why 403 comes up.
If anyone has faced similar issues or have pointers for me to check, kindly share.
Regards,
Jayapal.S