I have an AEM 5.6.1 implementation which is a heavily content-based application, and I implemented single sign-on using some Central Authentication Service. The publish server has protected URLs like /content, /etc, /dam, /bin, etc.
So anybody who tries to access a CQ content path will mostly be redirected to CAS… The browser gets an auth token after successful login, and then CQ5 publish lets you into the system.
The requirement is to expose some of the content as a JSON service. I can expose content, i.e. /content/xyz.6.json, or I can write a Sling servlet and dump any content path into JSON responses.
CQ5 is running in domain x1.x.com, while the other client is running on x2.x.xom. Both are under the same CAS and understand the auth cookies very well, so in the same browser session, if I am logged in, I can access CQ5 content or a servlet like this: http://x1.x.com/content/xyz.6.json or http://x1.x.com/bin/jsonContentService. So accessing any CQ5 content URL in the same browser is not an issue.
Where is the problem?
When I try to make an Ajax call in JS code on x2.x.xom to http://x1.x.com/content/xyz.6.json, I get several issues.
“Access-Control-Allow-Origin *”, so this is taken care of.
Auth cookies are available in the browser, and when the content URL is called from an Ajax/RESTful call, cookies are being passed to the CQ5 SSO code, but the custom client SSO in publish does not understand the auth cookies and redirects to the CAS login URL.
If you try to access the same content URL in the browser, then the custom SSO on publish is able to read the auth cookies and lets you through. I understand this is a very vague situation; people talk a lot about this in several blogs and forums. Can anybody share some thoughts?
My primary question is: why does auth work in browser access but not in an Ajax call?
Regards,
Chandra
Both domains are running on https. I am not getting your point.
I did it differently. I created an anonymous Sling servlet which has the auth cookies. I verify that the cookies were issued by the right authority; if yes, then I expose the relevant content as JSON in the browser response.
Are you trying to access the servlet using Ajax from an AEM JSP?
The application is AngularJS code on x2.x.xom making a call to an AEM Sling servlet which is on x1.x.com. Remember, .x.com is the common domain, and both domains are under CAS for authentication.
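These finally need to be set up on the server side, either in the servlet or on IIS:
final ResourceResolver resourceResolver = request.getResourceResolver();
// "http://source domain" is a placeholder for the origin of the calling page
response.addHeader("Access-control-Allow-Origin", "http://source domain");
// Lets the browser expose the response of a request that carried cookies
response.addHeader("Access-Control-Allow-Credentials", "true");
// Custom request headers the calling script is allowed to send
response.addHeader("Access-Control-Allow-Headers", "timestamp,X-XSRF-TOKEN,Referer,sourceSystem,transactionId");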
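As an added example (not part of the thread and not AEM code), the following models the browser's CORS check for requests that carry cookies, next to a server-side allow-list that produces the headers from the last reply. The origin https://x2.x.com, the `ALLOWED_ORIGINS` set and all function names are assumptions made for illustration.

```javascript
// Added example: why "Access-Control-Allow-Origin: *" is not enough once
// cookies are involved, following the CORS check in the Fetch standard.
const ALLOWED_ORIGINS = new Set(["https://x2.x.com"]); // constructed value

// Server side: CORS headers to send for a given Origin request header.
function corsHeadersFor(origin) {
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return {}; // no grant at all
  return {
    "Access-Control-Allow-Origin": origin, // exact origin, never "*"
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // stop caches reusing the response for another origin
  };
}

// Browser side: may script running on `origin` read this response?
// `credentials` is true for XHR withCredentials or fetch credentials:"include".
function corsCheck(origin, credentials, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) return false;
  if (!credentials && allowOrigin === "*") return true;
  if (allowOrigin !== origin) return false; // "*" fails here with cookies
  if (!credentials) return true;
  return h["access-control-allow-credentials"] === "true";
}

// Four cases: wildcard without cookies, wildcard with cookies,
// allow-listed origin with cookies, and an origin not on the allow-list.
function demo() {
  const caller = "https://x2.x.com";
  const other = "https://other.example"; // constructed, not allow-listed
  const wildcard = { "Access-Control-Allow-Origin": "*" };
  return {
    wildcardAnonymous: corsCheck(caller, false, wildcard),
    wildcardWithCookies: corsCheck(caller, true, wildcard),
    echoedWithCookies: corsCheck(caller, true, corsHeadersFor(caller)),
    unknownOrigin: corsCheck(other, true, corsHeadersFor(other)),
  };
}

console.log(demo());
```

On the client, the request only carries cookies when the call opts in, for example `withCredentials = true` on an XMLHttpRequest.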