AEM redirects user back to http (SSL termination at LB) only for login page

subramanya75 01-01-2019

Hi all,

We have this issue that started appearing on prod author site recently.

We have an AEM author integrated with SAML. SSL/TLS terminated at Load Balancer.

Due to to the mixed content error we started getting few days back on our login page more works.

This is the error in detail:

We are requesting login page over https:  https://<domain-name>/libs/granite/core/content/login.html

On the console I see below error:

Mixed Content: The page at 'https://<domain-name>/libs/granite/core/content/login.html/?resource=%2F&$$login$$=%24%24login%24%24&j_reason=unknown&j_reason_code=unknown' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://<domain-name>/libs/granite/core/content/login.html/?resource=%2Flibs%2Fgranite%2Fcsrf%2Ftoken.json&$$login$$=%24%24login%24%24&j_reason=unknown&j_reason_code=unknown'. This request has been blocked; the content must be served over HTTPS.

We have done all configurations as per the URL : AEM redirecting user back to http if accessed through SSL terminated Load Balancer

But issue is still not resolved.

We are using AEM 6.3 with SP2

Accepted Solutions (1)

Accepted Solutions (1)

subramanya75 03-01-2019

Hi Gaurav,

I have already informed in my initial comment that we have checked everything as per the documentation provided at links you have shared.

Those are not useful.

We observed that when we clear the dispatcher cache for login page :libs/granite/core/content/login.html, this issue got resolved for first request and we did not get mixed content error.

Then we realized that the page "libs/granite/core/content/login.html?" cached at dispatcher and this is the culprit.

We found due to the cached page at dispatcher, our get request never reached beyond dispatcher and it was not reaching author.

  1. So we added these response headers to login page: Cache-Control:  no-cache, no-store, must-re-validate.
  2. we also added a rule at dispatcher do deny caching of loign page at dispatcher.

Now as the page is no more cached at dispatcher , request is hitting author and author is providing https response.

Hence we are able to fix the issue