
Token based authentication in AEM

talkeshwarp7048
Level 2

Hi All,

Here I have a use case for authentication.

We have a website with CUG and non-CUG pages in AEM.

A user logged in to the site and can access all the CUG and non-CUG pages.

Now someone (Admin) deletes the .token node from CRX for that particular user.

The user now hits some of the non-CUG pages. Should the authentication handler be triggered? In my case it gets triggered, which as per my understanding it should not.

Let me know if any further details are required.

Please let me know your points and help me to understand the proper flow.

Best Regards,

Prasad

1 Reply
Sham_HC
Level 10

Deleting from the Felix console does not remove the header from the end user's browser. So maybe the header still present in the browser caused it to be considered an invalid token and the user was thrown to the login page.

  • Please try with a fresh private window after deleting the .token node.
    • If the issue still persists after the above, it means the issue is at the CUG config level.
    • If the issue resolves, it means a browser cache issue and you need to customize the 404.jsp page to handle your case.
talkeshwarp7048
Level 2

Hi Sham,

Thanks for the quick response!

1) If we use a private window, it works fine as you said.

2) In the case of the same browser with a different tab, the problem persists, which means I need to handle it in 404.jsp.

We are using the ACS Commons error handling concept. I would request you to please guide me on what has to be written in 404.jsp to handle this scenario.

Thanks!

Prasad