OOTB SSO authentication not working
I am testing SSO authentication on 5.6.1 on an author instance and installed these hotfixes, which are related to authentication: 3645, 3707. I am passing the user information as a request parameter (http://localhost:4502/siteadmin?userid=testuser). I modified repository.xml as follows:
<LoginModule class="com.day.crx.core.CRXLoginModule">
    <param name="trust_credentials_attribute" value="TrustedInfo"/>
    <param name="anonymous_principal" value="anonymous"/>
</LoginModule>
and have configured the SSO authentication handler as attached. Now when I hit this URL (http://localhost:4502/siteadmin?userid=testuser), it gives a blank page, and I can see 403 errors coming. Error.log:
08.05.2014 21:33:58.888 *WARN* [0:0:0:0:0:0:0:1 [1399565038886] GET /siteadmin?userid=testuser HTTP/1.1] org.apache.jackrabbit.core.security.authentication.AbstractLoginModule Usage of deprecated 'trust_credentials_attribute' option. Please note that for security reasons this feature will notbe supported in future releases.
08.05.2014 21:33:59.021 *INFO* [0:0:0:0:0:0:0:1 [1399565039020] GET /libs/mcm/emailservice-clientlib.css HTTP/1.1] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
08.05.2014 21:33:59.022 *INFO* [0:0:0:0:0:0:0:1 [1399565039022] GET /etc/clientlibs/foundation/jquery.js HTTP/1.1] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
I do see that testuser was logged in to the CRX repository, but after the subsequent calls for the different CSS/JS files, Sling assumes that this user is the anonymous user instead of "testuser". My understanding is that the SSO authentication handler is not able to create a token from the request parameter during the subsequent calls (http://localhost:5502/libs/cq/ui/widgets.js, for example), as the request parameter is not available. Token authentication does not seem to work when the SSO authentication handler is in use.
I would really appreciate it if you could tell me whether my understanding is correct or I am missing something, and whether it will work if I use the HTTP header/cookie approach.
Regards,
Sam
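The header-based variant asked about above, as an added example written for this thread rather than the product's own SSO handler: a Sling AuthenticationHandler that reads the identity from a header the front-end proxy sets on every request (so the /libs CSS and JS calls carry it too) and hands CRXLoginModule pre-authenticated credentials through the trust attribute configured in repository.xml. The header name and the proxy address are assumed placeholders.

```java
import java.io.IOException;
import javax.jcr.SimpleCredentials;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;

// Header-based SSO handler: the identity arrives on EVERY request, including
// the /libs/... CSS and JS calls, so those do not fall back to anonymous.
public class TrustedHeaderAuthHandler implements AuthenticationHandler {

    // Assumed names (placeholders): the header the front-end proxy sets and
    // the address it connects from.
    static final String IDENTITY_HEADER = "X-SSO-User";
    static final String PROXY_ADDRESS = "127.0.0.1";
    // Must match trust_credentials_attribute in repository.xml.
    static final String TRUST_ATTRIBUTE = "TrustedInfo";

    @Override
    public AuthenticationInfo extractCredentials(HttpServletRequest request,
                                                 HttpServletResponse response) {
        String userId = request.getHeader(IDENTITY_HEADER);
        if (userId == null || userId.isEmpty()) {
            return null; // not our request; let other handlers run
        }
        // Only the proxy may assert an identity: a client that reaches the
        // instance directly and sets the header itself is rejected.
        if (!PROXY_ADDRESS.equals(request.getRemoteAddr())) {
            return AuthenticationInfo.FAIL_AUTH;
        }
        // Pre-authenticated credentials: with trust_credentials_attribute set,
        // CRXLoginModule accepts them without a password check.
        SimpleCredentials creds = new SimpleCredentials(userId, new char[0]);
        creds.setAttribute(TRUST_ATTRIBUTE, "sso");
        AuthenticationInfo info = new AuthenticationInfo("SSO", userId);
        info.put(AuthenticationInfo.CREDENTIALS, creds);
        return info;
    }

    @Override
    public boolean requestCredentials(HttpServletRequest request,
                                      HttpServletResponse response) throws IOException {
        response.sendError(HttpServletResponse.SC_FORBIDDEN); // no login form here
        return true;
    }

    @Override
    public void dropCredentials(HttpServletRequest request,
                                HttpServletResponse response) { /* proxy owns session */ }
}
```

Registering the class as an OSGi service with the handler's path property is left out; the proxy must also strip any client-supplied copy of the header before forwarding.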