Disable Basic Authentication

Avatar

Avatar

25793466

Avatar

25793466

25793466

26-04-2018

I want to disable basic authentication and ran across this thread: How to make CQ5 working with enabled basic http authentication dispatcher .  I didn't get any hits, maybe because the thread was so old, so I'll post here as a new topic.

I know this will break replication, but I'm just curious on how to do it.  It appears that I can set HTTP Basic Authentication on http://localhost:4502/system/console/configMgr/org.apache.sling.engine.impl.auth.SlingAuth enticator to Disabled, but that doesn't seem to work on several AEM 6.2 instances I have tested on.  Replication is still working and I can pass the basic authentication headers to the admin UI and it logs me in.

View Entire Topic

Avatar

Avatar

Andrew_Khoury

Employee

Avatar

Andrew_Khoury

Employee

Andrew_Khoury
Employee

16-04-2020

Instead of disabling basic auth on publish, just don't include Authorization header in the /clientheaders config of the dispatcher configuration.  That effectively prevents basic auth from the outside world.