SOLVED

AEM Dispatcher config for custom authentication handler

Hello,

I have written a custom authentication handler for OIDC based on this one: https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager-blogs/building-an-aem-cust...
It works locally, but when I deploy it to the cloud instance, the redirect from my auth server back to AEM does not work. I think it is somehow blocked by the dispatcher.
I already whitelisted the URL and parameters in the filters.any, but it still does not work.

Any suggestions would be helpful.

 

# Allow oauth callback
/801 { /type "allow" /url "*/oauth/callback" }
/802 { /type "allow" /method "GET" /query "code=*" }
/803 { /type "allow" /method "GET" /query "state=*" }
1 Accepted Solution

Dear Suresh, thank you for your reply.

I found out that we had a rewrite rule that appended .html to the request, and my auth handler checked for the URL path and skipped the request because of the .html suffix.

I fixed the rewrite condition and now it works:

# Append .html extension to the incoming URL
RewriteCond %{REQUEST_URI} !^/$
RewriteCond %{REQUEST_URI} !^/(apps|bin|etc|home|libs|system|tmp|var|saml_login|api|oauth/callback)
RewriteCond %{REQUEST_URI} !\.(?i:html|txt|xml|json|js|css|gif|jpe?g|png|rar|zip|flv|mov|wma|mp3|avi|swf|mp?g|mp4|webm|webp|pdf|tif|tiff|psd|raw|svg|ttf|woff|woff2|doc|docx|xls|xlsx|pptx|ppt|ico|asc|dwg|dxf|eps|jfif|enc|rfa|rvt|xhtml|igs|dot|edrw|gsm|ifc|xlsm|lcf|adsklib|csv)$
RewriteRule ^/(.*)$ /$1.html [PT,L]

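The failure described in the accepted answer can be replayed offline. The following is an added example, not code from the original post: it evaluates the three RewriteCond lines against constructed sample URLs. The `BEFORE` list (the same exclusions without `oauth/callback`) and the `handler_accepts` path check are assumptions standing in for the pre-fix rule and the custom handler, which the post does not show.

```python
import re
from urllib.parse import urlsplit

# Exclusion list copied from the fixed RewriteCond in the answer.
FIXED = r"^/(apps|bin|etc|home|libs|system|tmp|var|saml_login|api|oauth/callback)"
# Assumption: the rule before the fix was the same list without oauth/callback.
BEFORE = r"^/(apps|bin|etc|home|libs|system|tmp|var|saml_login|api)"
# Extension condition copied from the answer.
EXT = r"\.(?i:html|txt|xml|json|js|css|gif|jpe?g|png|rar|zip|flv|mov|wma|mp3|avi|swf|mp?g|mp4|webm|webp|pdf|tif|tiff|psd|raw|svg|ttf|woff|woff2|doc|docx|xls|xlsx|pptx|ppt|ico|asc|dwg|dxf|eps|jfif|enc|rfa|rvt|xhtml|igs|dot|edrw|gsm|ifc|xlsm|lcf|adsklib|csv)$"


def rewrite(url, exclusions):
    """Return the path the backend sees after the 'append .html' rule."""
    # %{REQUEST_URI} holds only the path; code= and state= are not part of it.
    path = urlsplit(url).path
    if path == "/":                    # RewriteCond %{REQUEST_URI} !^/$
        return path
    if re.search(exclusions, path):    # RewriteCond %{REQUEST_URI} !^/(...)
        return path
    if re.search(EXT, path):           # RewriteCond %{REQUEST_URI} !\.(...)$
        return path
    return path + ".html"              # RewriteRule ^/(.*)$ /$1.html [PT,L]


def handler_accepts(path, callback="/oauth/callback"):
    """Hypothetical stand-in for the custom handler's exact path check."""
    return path == callback


def report(exclusions):
    """Map constructed sample URLs to (rewritten path, handler verdict)."""
    samples = [
        "/oauth/callback?code=abc&state=xyz",  # constructed callback request
        "/content/site/en",                    # ordinary page, gets .html
        "/logo.PNG",                           # extension match is case-insensitive
        "/homepage",                           # skipped: exclusion is a prefix match
    ]
    result = {}
    for url in samples:
        path = rewrite(url, exclusions)
        result[url] = (path, handler_accepts(path))
    return result


if __name__ == "__main__":
    for name, rule in (("before", BEFORE), ("fixed", FIXED)):
        for url, (path, ok) in report(rule).items():
            print(f"{name:6} {url:38} -> {path:22} handler={ok}")
```

The `/homepage` row shows that the exclusion pattern is a prefix match, so any path that merely starts with one of the listed names also skips the `.html` rewrite.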

2 Replies

Community Advisor

Do you see anything in dispatcher logs about blocked URLs?

 

Please check authentication token is blocking:

/*** { /type "allow" /url "*/oauth/token" }

 
