Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

25793466
Community profile 25793466 Level 2
Job title here
Location here
4 BADGES
Level 2

Level 2

Learn more
Joined the community 24-03-2016 5:00:42 PM
Offline
Top badges earned by 25793466
Customize the badges you want to showcase on your profile
Re: [New] Welcome to AEM Community! Please Introduce Yourself
Avatar
Give Back
Level 1
israel_sanchez
Level 1

Like

1 like

Total Posts

17 posts

Correct Reply

1 solution
Top badges earned
Give Back
Establish
Validate 1
Boost 1
Applaud 5
View profile
israel_sanchez
- Adobe Experience Manager
Hello folks, I'm Israel from Mexico city, I've been working with AEM and ACC for almost 2 years. Cheers.

Views

10

Likes

0

Replies

0
Re: Disable Basic Authentication
Avatar
Give Back 5
Employee
Andrew_Khoury
Employee

Likes

75 likes

Total Posts

93 posts

Correct Reply

33 solutions
Top badges earned
Give Back 5
Give Back 3
Give Back 10
Give Back
Boost 50
View profile
Andrew_Khoury
- Adobe Experience Manager
Instead of disabling basic auth on publish, just don't include Authorization header in the /clientheaders config of the dispatcher configuration. That effectively prevents basic auth from the outside world.

Views

2.0K

Likes

0

Replies

0
Re: Encrypted OSGI configuration properties
Avatar
Validate 1
Level 2
25793466
Level 2

Likes

3 likes

Total Posts

22 posts

Correct Reply

2 solutions
Top badges earned
Validate 1
Boost 3
Boost 1
Affirm 1
View profile
25793466
- Adobe Experience Manager
That is indeed what I was looking for. It works in 6.3 also, even though the documentation seems to be for 6.4. When you view the configuration through the CRX, the value will show the encrypted text. Then AEM magically decrypts it before it is sent to the service or external component. I guess every time a configuration is invoked, AEM reviews all the properties looking for a pattern so it knows to decrypt it.

Views

822

Likes

0

Replies

0
Re: Restricting Query Strings in dispatcher.any not working
Avatar
Validate 1
Level 2
25793466
Level 2

Likes

3 likes

Total Posts

22 posts

Correct Reply

2 solutions
Top badges earned
Validate 1
Boost 3
Boost 1
Affirm 1
View profile
25793466
- Adobe Experience Manager
It turns out there is an issue with the dispatcher version we are using. I don't know if it effects all platforms, but it is not working correctly on 4.2.0 on IIS, x64 non-ssl version.I tested the same exact dispatcher configuration (dispatcher.any) on the latest dispatcher (v4.2.3) and the filter rules are working correctly with query strings.

Views

1.4K

Likes

0

Replies

0
Re: List all possible selectors and extensions for denial of service (DoS) attack mitigation
Avatar
Validate 1
Level 2
25793466
Level 2

Likes

3 likes

Total Posts

22 posts

Correct Reply

2 solutions
Top badges earned
Validate 1
Boost 3
Boost 1
Affirm 1
View profile
25793466
- Adobe Experience Manager
We do deny everything first. The first line of our dispatcher.any filter section is: /0001 { /type "deny" /glob "*" }Since there are several other sections of the security checklist devoted to the dispatcher, I thought this particular section ("Incorporate controls at the application level; Control the selectors in your application") was implying something additional can be done within the app as well. I'm just trying to be thorough.

Views

984

Likes

0

Replies

0
Sending SSO User ID in "Basic" Format
Avatar
Validate 1
Level 2
25793466
Level 2

Likes

3 likes

Total Posts

22 posts

Correct Reply

2 solutions
Top badges earned
Validate 1
Boost 3
Boost 1
Affirm 1
View profile
25793466
- Adobe Experience Manager
I'm trying to figure out how to encode a user ID for SSO using the Basic format instead of AsIs. Normally basic authentication is the encoded username:password, like admin:12345. I've tried that, just the user ID then colon, and just the user ID. AEM isn't accepting any of them.

Views

529

Likes

0

Replies

0
Re: LDAP error resulting from Active Directory server connection reset / MaxConnIdleTime
Avatar
Validate 1
Level 2
25793466
Level 2

Likes

3 likes

Total Posts

22 posts

Correct Reply

2 solutions
Top badges earned
Validate 1
Boost 3
Boost 1
Affirm 1
View profile
25793466
- Adobe Experience Manager
I contacted Support and the error is benign. Specifically:"Your understanding about the warning is absolutely right. AEM doesn't have a function to disconnect with the LDAP. However, If you are using Active Directory, it will be disconnected by a "MaxConnIdleTime" policy of AD. The default value is 15 minutes. AD will send a "rest" packet at intervals determined by the "MaxConnIdleTime". Hence this WARN can be ignored from your end. I don't see an AEM configuration that could help this case as A...

Views

1.4K

Like

1

Replies

0
Re: Store and deploy secure OSGI configuration for OOTB AEM services
Avatar
Level 1
Shelly_Goel
Level 1

Likes

0 likes

Total Posts

3 posts

Correct Reply

0 solutions
View profile
Shelly_Goel
- Adobe Experience Manager
Hi Nemo,How did you finally implement this for storing values in GIT? I understand values can be obscured in felix console.ThanksShelly

Views

759

Likes

0

Replies

0
Re: Is Checking Data Store Consistency needed for TarMK?
Avatar
Establish
Community Manager
kautuk_sahni
Community Manager

Likes

1,128 likes

Total Posts

6,133 posts

Correct Reply

1,144 solutions
Top badges earned
Establish
Coach
Originator
Contributor 2
Contributor
View profile
kautuk_sahni
- Adobe Experience Manager
I have asked this with the internal team.~kautuk

Views

666

Likes

0

Replies

0
Re: Forcing the Use of the SSL Port / Why Dispatcher Works over HTTP
Avatar
Validate 1
Level 2
25793466
Level 2

Likes

3 likes

Total Posts

22 posts

Correct Reply

2 solutions
Top badges earned
Validate 1
Boost 3
Boost 1
Affirm 1
View profile
25793466
- Adobe Experience Manager
You are correct. It looks like the dispatcher makes the request to the publish instance using the end user facing URL host as the host header, which doesn't match the machinename.port I am forcing SSL on.

Views

632

Likes

0

Replies

0
Re: Change daily log rotation time
Avatar
Validate 1
Level 2
25793466
Level 2

Likes

3 likes

Total Posts

22 posts

Correct Reply

2 solutions
Top badges earned
Validate 1
Boost 3
Boost 1
Affirm 1
View profile
25793466
- Adobe Experience Manager
Sorry, I think I misstated my question. I still want a daily log (one per day), but I want them to rollover not at midnight. I want them to roll at say 11pm. I understand that changing the pattern to something like yyyy-MM-dd-HH would roll them every hour but then I would end up with 24 logs per day.The reason I ask is that we have a process that sweeps/copies logs to a central server. That process has to run at 11:59pm. It is not picking up the AEM logs for that day because they have not rolled...

Views

1.5K

Likes

0

Replies

0
Re: How to make CQ5 working with enabled basic http authentication dispatcher
Avatar
Validate 1
Level 2
25793466
Level 2

Likes

3 likes

Total Posts

22 posts

Correct Reply

2 solutions
Top badges earned
Validate 1
Boost 3
Boost 1
Affirm 1
View profile
25793466
- Adobe Experience Manager
I want to disable basic authentication and ran across this thread. I know this will break replication, but I'm just curious on how to do it. It appears that I can set HTTP Basic Authentication on http://localhost:4502/system/console/configMgr/org.apache.sling.engine.impl.auth.SlingAuthenticator to Disabled, but that doesn't seem to work on several AEM 6.2 instances I have tested on. Replication is still working and I can pass the basic authentication headers to the admin UI and it logs me in.

Views

1.9K

Likes

0

Replies

0