We are trying to set a session timeout for users in AEM Sites author by configuring the "Apache Jackrabbit Oak TokenConfiguration" to 15 mins (900000) for Token Expiration.
After 15 mins, the token expires and forces the user to re-authenticate by taking the user to the IDP, which is good and working as expected. But we are not seeing the "Session signed out" pop-up in AEM Sites before the user is taken to the IDP for authentication.
We did the same token configuration in AEM Assets; there we see the "Session signed out" pop-up come up to indicate that the user must re-authenticate. My question is: what config determines whether this pop-up shows up or not? Does anyone know why it behaves differently between AEM Sites and AEM Assets?
Hi @Saravanan_Dharmaraj,
I tested this behavior locally by manually removing the tokens from the console (/system/console/tokenmgr). The alert was triggered in both the Assets Console and the Sites Console.
During debugging, I found that the popup is triggered based on the following sequence:
In /libs/granite/ui/components/shell/clientlibs/shell.js, the updateBadge function makes an AJAX request to /mnt/overlay/granite/ui/content/shell/header/actions/pulse.data.json every two seconds.

    function updateBadge(el, src, resolveWhenNewData) {
        // The badge user and the label template come from the element's data attributes
        var user = el[0].dataset.graniteShellBadgeUser;
        var label = el[0].dataset.graniteShellBadgeLabelTemplate;
        // getData() is defined elsewhere in shell.js; it resolves with the polled data
        getData(user, src, resolveWhenNewData).then(function(data) {
            el.attr("badge", data.total);
            if (label) {
                el.attr("aria-label", label.replace("{{count}}", data.total));
            }
        });
    }

If the response status is 403 Forbidden, and the header X-Reason is "Authentication Failed", the handleLoginRedirect function is triggered.
The handleLoginRedirect method is defined in /etc.clientlibs/clientlibs/granite/utils.js and is called from /etc.clientlibs/clientlibs/granite/jquery/granite.js.
The updateBadge function continuously checks for updates, and when the session token is missing or invalid, it triggers an authentication failure, resulting in a forced login redirect.
This should help in your analysis of why this behavior is occurring on your sites. Let me know if you need further insights!
Thank you @narendiran_ravi for the detailed explanation of the issue and fix. Like you said, the pop-up functionality is not implemented in Sites; it's available only in Assets. I confirmed with Adobe via a support ticket. Bringing this experience to Sites requires customization, which I feel we shouldn't do, so we won't do it and will leave it as is. Hope it helps others too!
The Adobe ticket says the below:
The Apache Jackrabbit Oak TokenConfiguration that you’ve modified (setting the token expiration to 15 minutes) strictly controls the lifetime of the authentication token - that is, it determines when the token, and hence the user session, will be invalidated.
However, this configuration does not trigger any client‐side behavior such as displaying a “Session signed out” pop up.
In AEM Assets, the pop-up you observe is not a direct effect of the token expiration setting but rather is implemented as client-side logic, usually via a dedicated client library or UI module. In contrast, the AEM Sites author environment does not include this additional UI functionality by default.
The Assets UI has been enhanced with a user experience element (a pop-up) that notifies users when their session is about to expire. This is implemented using custom Granite UI client libraries that listen for session expiration events.
The Sites author interface, by design, simply allows the token to expire and redirects the user to the IDP for re-authentication once the token is no longer valid. There is no built‑in mechanism to warn or prompt the user beforehand.
If you wish to have a similar “session signed out” pop up in the AEM Sites environment, it will require custom implementation. You can:
1.) Examine the client library implementation in AEM Assets (by checking the related Granite UI client libraries) as a reference.
2.) Develop and deploy a similar JavaScript or client-side module in the Sites environment that listens for inactivity and shows the pop-up before the session token expires.
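
The two pieces discussed in this thread, the 403 / X-Reason "Authentication Failed" check on the poll response and the ticket's suggestion of a client-side module that warns before the 15-minute token expires, sketched as an added example that is not from the original posts or from AEM's own client libraries. The names isAuthFailure and SessionExpiryWatcher, the 60-second warning window, and the assumption that user activity renews the token are hypothetical.

```javascript
"use strict";

// Values taken from the thread: 15-minute token lifetime and the 403 / X-Reason check.
const TOKEN_EXPIRATION_MS = 900000;
const AUTH_FAILED_REASON = "Authentication Failed";

// True when a poll response signals an expired or missing login token.
// `headers` is a plain object here; header names are matched case-insensitively.
function isAuthFailure(status, headers) {
  if (status !== 403) return false;
  const key = Object.keys(headers || {}).find((k) => k.toLowerCase() === "x-reason");
  return key !== undefined && String(headers[key]).trim() === AUTH_FAILED_REASON;
}

// Hypothetical watcher: warns `warnBeforeMs` ahead of expiry, then reports expiry.
// The clock is injected so the logic can be exercised without real timers.
class SessionExpiryWatcher {
  constructor({ lifetimeMs = TOKEN_EXPIRATION_MS, warnBeforeMs = 60000, now = Date.now } = {}) {
    if (warnBeforeMs >= lifetimeMs) throw new RangeError("warnBeforeMs must be shorter than lifetimeMs");
    this.lifetimeMs = lifetimeMs;
    this.warnBeforeMs = warnBeforeMs;
    this.now = now;
    this.lastActivity = now();
    this.expired = false;
  }

  // Call on user activity (assumed to coincide with a request that renews the token).
  recordActivity() {
    if (!this.expired) this.lastActivity = this.now();
  }

  // Call with each poll result; a server-side auth failure always wins over the local clock.
  onPollResponse(status, headers) {
    if (isAuthFailure(status, headers)) this.expired = true;
    return this.state();
  }

  // Returns the phase ("active", "warning" or "expired") and the estimated milliseconds left.
  state() {
    const remainingMs = Math.max(0, this.lastActivity + this.lifetimeMs - this.now());
    if (this.expired || remainingMs === 0) {
      this.expired = true;
      return { phase: "expired", remainingMs: 0 };
    }
    return { phase: remainingMs <= this.warnBeforeMs ? "warning" : "active", remainingMs };
  }
}
```

Feed each poll result into onPollResponse and show the dialog when the phase becomes "warning"; the server's 403 response remains the authoritative signal that the token is gone.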