Auth0 custom authentication handler redirect issue even though a valid session is available

Level 4

Hi Team,

 

I have created a custom authentication handler by extending DefaultAuthenticationFeedbackHandler and implementing AuthenticationHandler.

 


This handler is for /content path. Any request with /content path is coming to this handler. 

The problem here is that even though I am logged into AEM with admin credentials and accessing a /content page, the request is going to the custom authentication handler. If I am logged into AEM, that means I have a valid session along with a valid login-token.

When a valid session is available, why is my authentication handler triggering? Is there any way to stop this handler, so that if a valid session is available the request does not come to the custom authentication handler?

This is going into an infinite loop: I am creating the user session in the handler, and once authentication has succeeded I am redirecting the user to the requested URI, then the request is again coming to the handler.

@aanchal-sikka 

@kautuk_sahni @Vijayalakshmi_S @arunpatidar @EstebanBustamante @MayurSatav @lars_auffarth 

please help.

3 Replies

Community Advisor

@Uppari_Ramesh 

You can try to ensure that your handler checks for the presence of a valid session before proceeding with the authentication process.

 

Something like 

private boolean isValidSession(SlingHttpServletRequest request) {
    // Get the current HTTP session from the request (false: do not create one)
    HttpSession session = request.getSession(false);

    // Check if there is a session and it has a specific attribute set upon login
    if (session != null && session.getAttribute("userLoggedIn") != null) {
        // Session exists and user is logged in
        return true;
    } else {
        // No valid session exists
        return false;
    }
}

In this condition, check for a session cookie or a session attribute that indicates an authenticated session.

 

 

Administrator

@Uppari_Ramesh Did you find the suggestion helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found the solution yourself, please share it with the community.



Kautuk Sahni

Level 4

Update: The authentication handler will automatically validate the user session, and we just need to implement the handler properly. You can take the OOTB SAML authentication handler as a reference to get an idea of how to implement the handler properly.

 

@kautuk_sahni @gkalyan