AuthenticationHandler did not block request; access denied

Hi,

I am creating this discussion in regard to the 2FA authentication I found in the Adobe HELPX page. [1] - Setting up two-factor authentication for Adobe Experience Manager

Just so you know, we are using your module for AEM 6.1 for our client’s 2FA requirement.

The module seems to work fine, except that we are "intermittently" experiencing that the login page throws a 403 error - after a user submits correct credentials. What happens is, it shows a 403 error page instead immediately after the user clicks "Sign-in" button, not redirecting users to /libs/cq/core/content/welcome.html subsequently. Strangely, when we type the aforementioned link on the browser manually, e.g. https://author.local/libs/cq/core/content/welcome.html, the user gets no issue accessing the welcome page. This implies that the login process was actually successful, but there is an issue with the redirection. 

FYI, we found an warning message in the logs when it occurred:

*WARN* [qtp933178697-315] org.apache.sling.auth.core.impl.SlingAuthenticator handleSecurity: AuthenticationHandler did not block request; access denied [2] [3]

We also noticed that this occurs in all browsers - not limited to a particular browser.

We wonder if anyone also encounters the same error. We’d really appreciate it if you could share or advise us of possible solutions for this.

We look forward to hearing from you soon.

Thanks,

Kind regards,

[1] https://helpx.adobe.com/experience-manager/using/twofactor.html

[2] https://forums.adobe.com/thread/2336802

[3] https://helpx.adobe.com/experience-manager/using/oak-login.html