We access the author instance through a VIP URL in https.
The load balancer then passes the request in http to the dispatcher on port 4502, and the dispatcher forwards the request to the author.
Login and other functionalities work fine. But when we try to impersonate another user we have an error. See screenshot.
The user is valid, the error shown is misleading.
On console in Chrome we have this error message:
granite.js:272 Mixed Content: The page at 'https://mysite.mydomain.com/sites.html/content/mysite' was loaded over HTTPS, but requested an insecure XMLHttpRequest
endpoint 'http://mysite.mydomain.com/home/users/d/USERIDCVFBGDNKLO.impersonate.json?_charset_=utf-8&impersonat...'.
This request has been blocked; the content must be served over HTTPS.
XMLHttpRequest.send @ granite.js:272
send @ jquery.js:10259
ajax @ jquery.js:9743
(anonymous) @ foundation.js:20026
dispatch @ jquery.js:5232
elemData.handle @ jquery.js:4884
If I do the same thing in http from http://mysite.mydomain.com/sites.html/content/mysite I have no errors and I can impersonate that user and others too.
I think that the browser here is blocking the redirect. The problem is due to the fact that the response which has a status code 302, in the response header has the location url in http instead of https.
I think that maybe this is due to the fact that the author receives the request in http on port 4502, so a solution could be to configure https on author.
But this would also mean changing the load balancer configuration and firewall configuration. I would not incur the risk that some consoles or functionalities are no longer working after the https configuration.
Is there a way to force the location header in https with dispatcher or load balancer?
Which solution is best?
Regards.
Hi @AlleOTC ,
I faced the same issue, and it happens because AEM Author runs on HTTP (port 4502), so redirects include http://, which the browser blocks as mixed content. A quick fix is to force HTTPS in the Dispatcher by adding this rule in the vhost file:
Header edit Location ^http://mysite.mydomain.com/(.*)$ https://mysite.mydomain.com/$1
For a more secure, long-term fix, enabling HTTPS on AEM Author and updating the Load Balancer to forward HTTPS is the best approach.
Thanks!
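The rewrite rule quoted in the answer above, modelled in Python as an added example that is not part of the original post or of Adobe's documentation. It applies the same pattern to a few constructed Location values and reports which ones a browser on the HTTPS page would still treat as an HTTP downgrade. The function names and sample values are illustrative, and Python's `re` stands in for Apache's regex engine as an assumption.

```python
import re
from urllib.parse import urljoin, urlsplit

# Python equivalent of the vhost rule quoted in the answer above:
#   Header edit Location ^http://mysite.mydomain.com/(.*)$ https://mysite.mydomain.com/$1
RULE = re.compile(r"^http://mysite.mydomain.com/(.*)$")
REPLACEMENT = r"https://mysite.mydomain.com/\1"

def apply_rule(location):
    """Return the Location value after the rewrite (unchanged if no match)."""
    return RULE.sub(REPLACEMENT, location, count=1)

def is_downgrade(page_url, location):
    """True when an HTTPS page would be sent to a plain-HTTP URL."""
    target = urljoin(page_url, location)  # resolves relative Location values
    return (urlsplit(page_url).scheme == "https"
            and urlsplit(target).scheme == "http")

def audit(page_url, locations):
    """Per Location: (original, downgrade before, rewritten, downgrade after)."""
    report = []
    for loc in locations:
        fixed = apply_rule(loc)
        report.append((loc, is_downgrade(page_url, loc),
                       fixed, is_downgrade(page_url, fixed)))
    return report

# Constructed sample values (hypothetical, not captured from a real system).
PAGE = "https://mysite.mydomain.com/sites.html/content/mysite"
SAMPLES = [
    "http://mysite.mydomain.com/sites.html/content/mysite",       # absolute, no port
    "http://mysite.mydomain.com:4502/sites.html/content/mysite",  # absolute, with port
    "/sites.html/content/mysite",                                 # relative
    "https://mysite.mydomain.com/sites.html/content/mysite",      # already HTTPS
]

if __name__ == "__main__":
    for loc, before, fixed, after in audit(PAGE, SAMPLES):
        print(f"{loc}\n  downgrade before: {before}  after: {after}  -> {fixed}")
```

The second sample shows that the pattern as written matches only a Location without an explicit port, so a value that carries a port passes through unchanged.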
Hi @Megha_kumari ,
thanks for your reply.
We will evaluate both solutions.
I will reply again when we implement a solution, but it will take time since we have a workaround and we have other priorities at the moment.
Best regards.
@AlleOTC Did you find the suggestion helpful? Please let us know if you need more information. If a response worked, kindly mark it as correct for posterity; alternatively, if you found a solution yourself, we’d appreciate it if you could share it with the community. Thank you!
Hi everyone,
I tried to modify the Dispatcher configuration as suggested by @Megha_kumari but it didn't work. I think we would also need to adjust some load balancer rules.
Anyway we decided to implement the other solution, I mean to enable SSL on Author instance, so we will not spend more time on the first solution.
We already enabled SSL on an instance we use for development on port 8443, that was quite easy.
But I also think we should change the Dispatcher configuration. I checked this documentation
https://experienceleague.adobe.com/en/docs/experience-manager-dispatcher/using/configuring/dispatche...
I don't think we need to configure mutual SSL between Dispatcher and Author as they reside on the same server.
On the other hand, as they reside on the same server, I think that Dispatcher should listen on port 443 and forward requests to the Author on port 8443.
Something not mentioned in the documentation is the need to add this to httpd.conf:
Listen 443
I don't think we should install a certificate for the Dispatcher, but I am not sure about it.
I think the diagram would look like this:
Web Browser https://mysite.mydomain.com/sites.html/content/mysite ==> Load Balancer ==> Dispatcher ==> Author https://mysite.mydomain.com:8443/sites.html/content/mysite
But I am not sure how to manage this, maybe with some mod_proxy rules.
Can you help me with Dispatcher configuration?