If you are facing problem to access the AEM login page; /libs/granite/core/content/login.html and getting HTTPERROR 403, FORBIDDEN and in log you are getting below error message. Its means somehow you have updated the SlingAuthenticator configuration.
*INFO* [0:0:0:0:0:0:0:1 [1402592178132] GET / HTTP/1.1] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
*INFO* [0:0:0:0:0:0:0:1 [1402592178132] GET / HTTP/1.1] org.apache.sling.auth.core.impl.SlingAuthenticator handleLoginFailure: Unable to authenticate anonymous user: Login Failure: all modules ignored
 |
| AEM login page forbidden |
Resolution:
Step 1: Under the configuration "Apache Sling Authentication Service" verify the entry of login page in property Authentication Requirements (sling.auth.requirements) set with minus symbol [-/libs/granite/core/content/login]. If you found the correct entry then check the second step.
Step 2: We have another property sling.auth.anonymous.user under the same configuration. Somehow this property has been updated hence system is unable to open the login page which should be accessible to anonymous user.
Explanation of sling.auth.anonymous.user property; it defines which user name to assume for anonymous requests, that is requests not providing credentials supported by any of the registered authentication handlers. If this property is missing or empty, the default is assumed which depends on the resource provider(s). Otherwise anonymous requests are handled with this user name. If the configured user name does not exist or is not allowed to access the resource data, anonymous requests may still be blocked. If anonymous access is not allowed, this property is ignored.
http://localhost:4502/system/console/configMgr/org.apache.sling.engine.impl.auth.SlingAuthenticator
But since, we are unable to login into the AEM, and without login we cant access the felix console(config manager). Hence we will upadte the config from crx-quickstart repository. The same config file we will find in our crx-quickstart folder under directory launchpad
\crx-quickstart\launchpad\config\org\apache\sling\engine\impl\auth
in this file if you see there is some value assign to property sling.auth.anonymous.user then make it empty like sling.auth.anonymous.user=""
Sample SlingAuthenticator.config file
No comments:
Post a Comment