Replies

anujk4

15-03-2019

Hi Gaurav,

I generated the certificate as mentioned in the blog for CN=localhost. In the SSL config wizard, there is no place to mention hostname. I followed the steps again but am still getting the same issue.

Thanks.

Gaurav-Behl
MVP

15-03-2019

Follow SSL By Default to see where to configure hostname:

[Screenshot: screen_shot_2018-07-25at31658pm]

You could also download the pre-generated certificate provided here and use it for testing: Adobe Experience Manager Help | Using the SSL Wizard in AEM

If it works fine, then you can go ahead and generate your own cert.

anujk4

15-03-2019

Well, this seems weird. If you see the screenshot I provided as part of my earlier, in the background you can only see the port number field. The field to enter hostname is not visible. Latest screen grab attaching below.

1712352_pastedImage_0.png

No hostname field.

Gaurav-Behl
MVP

15-03-2019

Well, if you check this link SSL By Default, you'd see the hostname for both 6.3 and 6.4

I got the same screen on 6.4.3 in my local.

You may setup a fresh instance and validate the same.

What version/SP do you use?

anujk4

15-03-2019

I am using AEM 6.3.0. I will try a fresh install.

And I just tried in one of our non-prod instances, which is AEM 6.3 SP1. That has the same screen as shown in the previous comment.

Gaurav-Behl
MVP

15-03-2019

check with existing cert to rule out cert issues

anujk4

15-03-2019

I tried with the pre-generated cert and am still not able to see the hostname field.

Arun_Patidar
MVP

15-03-2019

Hi Anuj,

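Try with the below filter code over HTTPS:

    // Runs inside the filter's doFilter(); slingRequest, slingResponse and logger
    // come from the surrounding filter class.
    Cookie[] ck = slingRequest.getCookies();
    if (ck != null) { // getCookies() returns null when the request carries no cookies
        for (Cookie cookie : ck) {
            if (cookie.getName().equalsIgnoreCase("cq-authoring-mode") && !cookie.getSecure()) {
                logger.info("secure");
                // Re-issue the cookie with the Secure flag set
                cookie.setSecure(true);
                slingResponse.addCookie(cookie);
            }
        }
    }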

jamiec4451712

08-06-2020

I know this is an old question, but our team ran into it recently and found a solution that may be helpful to others.

I decompiled AEM's TokenUtil class and tried to find the place where the login-token cookie is set, and the secure flag is set or not based on the request's isSecure() method. If the request is secure, then the flag is set. Otherwise, it's not. So the question really becomes: how do we get the request to be marked as secure?

It ends up there are a few solutions here. The first is to connect over HTTPS. Obviously this works, but in cases where there's a proxy or load balancer, the connection is often over HTTP. It's pretty well understood that an X-Forwarded-Proto header can be used in this case to tell the origin server that a proxied connection was secure. However, in our case this header was being set, but the request object was still not "secure".

It ends up that these headers are simply not honored all the time by Jetty. There is a flag in the Apache Felix Jetty Based HTTP Service that handles this, but it is not the obvious one, which is "Session Cookie httpOnly". This refers to the JSESSIONID cookie, not the login-token cookie, and so this checkbox has no effect.

The true solution is to ensure that "Enable Proxy/Load Balancer Connection" is checked in the Apache Felix Jetty Based HTTP Service configuration. It seems like Jetty will not honor the XFF headers if this value is not true. Checking this box caused the secure flag to be added to our Set-Cookie header through a proxied connection.

tl;dr - set Enable Proxy/Load Balancer Connection to true in the Apache Felix Jetty Based HTTP Service configuration.

jamiec4451712

08-06-2020

I know this is an old question, but our team ran into a very similar issue and I posted details of our solution here: https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-session-cookie-with-ht...