Expand my Community achievements bar.

System User is not available on publisher - AEM cloud

Avatar

Level 4

Hi All,

I have created the system user on aem cloud with the repoinit script, I am able to see the user on the author and i am able to run my servlet on the author.

But when we are running the same code on publish, it's throwing some error.

 

Eroror

 com.adobe.granite.metrics. known errors.impl.ErrorLoggingComponentFilter Exception in component: category=ADOBE_UNKNOWN, resourceType=cq: Page, exceptionType=java.lang.IllegalArgumentException, errorId=CQ_RESOURCE_TYPES, resource=/content/whatsappsim/de/de/plp, exceptionMessage = The provided userId does not identify an existing user. 27.09.2023 02:48:53.704 [cm-p33452-e121351-aem-publish-9df645697-pp45q] *ERROR* [62.52.253.146 [1695782933655] POST /content/whatsappsim/de/de/plp.ucconsent.json HTTP/1.1] org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Uncaught Throwable java. lang.IllegalArgumentException: The provided user ID does not identify an existing user.

 

Do we have to do any thing on publish

 

 
 

 

 

 

10 Replies

Avatar

Community Advisor

Hi @raushan123 

Make sure that you have your repoint config under the config.publish runmode. If you want to be in all run modes (obvious in this case), please have the config under "config" folder.

Keeping the config under "config.author" shall restrict it only to author.

Thank you,
Sravan

Avatar

Level 4

I want this in all run mode, that's why I have put it inside  config folder

file path:-

apps/mysite/osgiconfig/config/org.apache.sling.commons.log.LogManager.factory.config~mySystemUser.cfg.json

 

but not sure why I am getting this error on publish.ideally, it should be applicable for all run mode

Avatar

Community Advisor

seems like the user is not being created, can you move/publish the users manually once and re-run?

Also, may I see your repoint script?

Avatar

Level 4

Tried publish but same error i am getting, please find the repoinit script 

 

 

 

{
"scripts": [
"create path (sling:OrderedFolder) /content/dam/mysite",
"create path (nt:unstructured) /content/dam/mysite/jcr:content",
"create path (cq:Page) /content/mysite",
"create path (cq:PageContent) /content/mysite/jcr:content",
"create path (sling:Folder) /conf/mysite",
"create service user mySystemUser with path /home/users/system/mysite",
"set ACL for mySystemUser \r\n allow jcr:all on /content/mysite\r\n allow jcr:all on /conf/mysite\r\n allow jcr:all on /content/dam/mysite\nend"
]
}

 

 

Avatar

Community Advisor

Hello @raushan123 

 

I haven't tried myself. One of the blog says

 

Service Users MUST be created under system/cq:services to be compatible with AEMaaCS (AEMaaCS supports principal-based authorization by default only for all users below /home/users/system/cq:services). It is suggested to create a subfolder to group all possible Service Users required for the application (system/cq:services/oshyn-demo).

 

Can you please give it a try?

 

Reference: https://www.oshyn.com/blog/aem-service-users-sling-repo-initializer

 

While deploying also please check for logs like:


Aanchal Sikka

Avatar

Level 4

Hi Anchal i have tried above approach but i am getting same error .

Avatar

Community Advisor

Hello @raushan123 

 

What do the repo-init logs say? Example:

aanchalsikka_0-1695905466116.jpeg

 


Aanchal Sikka

Avatar

Level 4

HI @aanchal-sikka  there is no issue with repoinit because i am able to perform the activity on the author.

please find the latest log 

 

 

28.09.2023 12:39:04.600 [cm-****-aem-publish] *WARN* [62.52.253.144 [1695904744584] POST /test.json HTTP/1.1] com.adobe.granite.repository.impl.SystemPrincipalsValidation Refactor principal 'my-service-user' to have principal-based access control setup.

 

 

org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Uncaught Throwable
java.lang.IllegalArgumentException: The provided userId does not identify an existing user.
  at com.adobe.granite.keystore.internal.KeyStoreServiceImpl.retrieveUser(KeyStoreServiceImpl.java:634) [com.adobe.granite.crypto.keystore:3.3.10]
  at com.adobe.granite.keystore.internal.KeyStoreServiceImpl.internalGetKeyStore(KeyStoreServiceImpl.java:417) [com.adobe.granite.crypto.keystore:3.3.10]

 

 

the service user mapping I am using {
"user.mapping": [
"my-core.core:my-service-user=[my-service-user]"
]
}
 

 

 

 

Avatar

Community Advisor

@raushan123 

 

These logs are related to POST request.

I was requesting to check logs related to repo-init execution on publish.


Aanchal Sikka

Avatar

Administrator

@raushan123 Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.



Kautuk Sahni