Adobe Experience Manager Sites & More

raushan123 · 9/27/23

Hi All,

I have created the system user on aem cloud with the repoinit script, I am able to see the user on the author and i am able to run my servlet on the author.

But when we are running the same code on publish, it's throwing some error.

Eroror

com.adobe.granite.metrics. known errors.impl.ErrorLoggingComponentFilter Exception in component: category=ADOBE_UNKNOWN, resourceType=cq: Page, exceptionType=java.lang.IllegalArgumentException, errorId=CQ_RESOURCE_TYPES, resource=/content/whatsappsim/de/de/plp, exceptionMessage = The provided userId does not identify an existing user. 27.09.2023 02:48:53.704 [cm-p33452-e121351-aem-publish-9df645697-pp45q] *ERROR* [62.52.253.146 [1695782933655] POST /content/whatsappsim/de/de/plp.ucconsent.json HTTP/1.1] org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Uncaught Throwable java. lang.IllegalArgumentException: The provided user ID does not identify an existing user.

Do we have to do any thing on publish

aanchal-sikka

EstebanBustamante

arunpatidar

B_Sravan · 9/27/23

Hi @raushan123

Make sure that you have your repoint config under the config.publish runmode. If you want to be in all run modes (obvious in this case), please have the config under "config" folder.

Keeping the config under "config.author" shall restrict it only to author.

Thank you,
Sravan

raushan123 · 9/27/23

I want this in all run mode, that's why I have put it inside config folder

file path:-

apps/mysite/osgiconfig/config/org.apache.sling.commons.log.LogManager.factory.config~mySystemUser.cfg.json

but not sure why I am getting this error on publish.ideally, it should be applicable for all run mode

B_Sravan · 9/27/23

seems like the user is not being created, can you move/publish the users manually once and re-run?

Also, may I see your repoint script?

raushan123 · 9/27/23

Tried publish but same error i am getting, please find the repoinit script

{
"scripts": [
"create path (sling:OrderedFolder) /content/dam/mysite",
"create path (nt:unstructured) /content/dam/mysite/jcr:content",
"create path (cq:Page) /content/mysite",
"create path (cq:PageContent) /content/mysite/jcr:content",
"create path (sling:Folder) /conf/mysite",
"create service user mySystemUser with path /home/users/system/mysite",
"set ACL for mySystemUser \r\n allow jcr:all on /content/mysite\r\n allow jcr:all on /conf/mysite\r\n allow jcr:all on /content/dam/mysite\nend"
]
}

aanchal-sikka · 9/27/23

Hello @raushan123

I haven't tried myself. One of the blog says

Service Users MUST be created under system/cq:services to be compatible with AEMaaCS (AEMaaCS supports principal-based authorization by default only for all users below /home/users/system/cq:services). It is suggested to create a subfolder to group all possible Service Users required for the application (system/cq:services/oshyn-demo).

Can you please give it a try?

Reference: https://www.oshyn.com/blog/aem-service-users-sling-repo-initializer

While deploying also please check for logs like:

Aanchal Sikka

raushan123 · 9/28/23

Hi Anchal i have tried above approach but i am getting same error .

aanchal-sikka · 9/28/23

Hello @raushan123

What do the repo-init logs say? Example:

Aanchal Sikka

raushan123 · 9/28/23

HI @aanchal-sikka there is no issue with repoinit because i am able to perform the activity on the author.

please find the latest log

28.09.2023 12:39:04.600 [cm-****-aem-publish] *WARN* [62.52.253.144 [1695904744584] POST /test.json HTTP/1.1] com.adobe.granite.repository.impl.SystemPrincipalsValidation Refactor principal 'my-service-user' to have principal-based access control setup.

org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Uncaught Throwable
java.lang.IllegalArgumentException: The provided userId does not identify an existing user.
at com.adobe.granite.keystore.internal.KeyStoreServiceImpl.retrieveUser(KeyStoreServiceImpl.java:634) [com.adobe.granite.crypto.keystore:3.3.10]
at com.adobe.granite.keystore.internal.KeyStoreServiceImpl.internalGetKeyStore(KeyStoreServiceImpl.java:417) [com.adobe.granite.crypto.keystore:3.3.10]

the service user mapping I am using {
"user.mapping": [
"my-core.core:my-service-user=[my-service-user]"
]
}

aanchal-sikka · 9/28/23

@raushan123

These logs are related to POST request.

I was requesting to check logs related to repo-init execution on publish.

Aanchal Sikka

kautuk_sahni · 9/28/23

@raushan123 Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.

Adobe Experience Manager Sites & More

System User is not available on publisher - AEM cloud

Kautuk Sahni

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe