Expand my Community achievements bar.

Token based authentication in AEM

Avatar

Level 2
Level 2
‎01-09-2016 08:17 PDT

Hi All,

Here I have a use case for authentication . 

We have a website with CUG and non CUG pages in AEM.

A user logged in to the site and can access all the CUG and non-CUG pages.

Now someone(Admin) deletes the .token node from CRX for that particular user. 

the user now hits some of the non-CUG page - whether the Authentication handler should be triggered ? In my case it gets triggered which as per my understanding should not.

Let me know if any further details required.

Please let me know your points and help me to understand the proper flow.

 

 

Best Regards,

Prasad

Views

1.4K

Replies

2

Sign in to like this content

Total Likes

Translate
Translate
2 Replies

Avatar

Level 10
Level 10
‎01-09-2016 11:41 PDT

Deleting from felix console does not remove header from end user browser. So may be header is still present in browser might have caused to consider has invalid token & thrown to login page.

  • Please try with fresh private window after deleting the .token node. 
    • If issue still persist after above means issue at cug config level
    • If issue resolves means browser cache issue & you need to custamize 404.jsp page to handle your case.

Views

791

Replies

1

Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
‎01-09-2016 23:51 PDT
In response to Sham_HC

Hi Sham,

Thanks for quick response !

1) if we use private window it works fine as you said.

2) in case of same browser with different tab then problem persist that means I need to handle in 404.jsp. 

We are using acs commons error handling concept. I would request you to please guide me what has to be written in 404.jsp to handle this scenario.

 

Thanks !

Prasad

Views

791

Replies

0

Sign in to like this content

Total Likes

Translate
Translate