Menu

Showing posts with label Unable to access AEM login page. Show all posts
Showing posts with label Unable to access AEM login page. Show all posts

Getting forbidden response for AEM login page

If  you are facing problem to access the AEM login page; /libs/granite/core/content/login.html and getting HTTPERROR 403, FORBIDDEN and in log you are getting below error message. Its means somehow you have updated the SlingAuthenticator configuration.

*INFO* [0:0:0:0:0:0:0:1 [1402592178132] GET / HTTP/1.1] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
*INFO* [0:0:0:0:0:0:0:1 [1402592178132] GET / HTTP/1.1] org.apache.sling.auth.core.impl.SlingAuthenticator handleLoginFailure: Unable to authenticate anonymous user: Login Failure: all modules ignored

AEM login page forbidden error, http error 403
AEM login page forbidden

Resolution:


Step 1: Under the configuration "Apache Sling Authentication Serviceverify the entry of login page in property Authentication Requirements (sling.auth.requirements) set with minus symbol [-/libs/granite/core/content/login]. If you found the correct entry then check the second step.

Step 2: We have another property sling.auth.anonymous.user under the same configuration. Somehow this property has been updated hence system is unable to open the login page which should be accessible to anonymous user. 

Explanation of sling.auth.anonymous.user property; it defines which user name to assume for anonymous requests, that is requests not providing credentials supported by any of the registered authentication handlers. If this property is missing or empty, the default is assumed which depends on the resource provider(s). Otherwise anonymous requests are handled with this user name. If the configured user name does not exist or is not allowed to access the resource data, anonymous requests may still be blocked. If anonymous access is not allowed, this property is ignored.



To fix this issue, go to AEM config manager [/system/console/configMgr] and search for "Apache Sling Authentication Service" or go directly using this link in your local AEM instance 
http://localhost:4502/system/console/configMgr/org.apache.sling.engine.impl.auth.SlingAuthenticator

But since, we are unable to login into the AEM, and without login we cant access the felix console(config manager). Hence we will upadte the config from crx-quickstart repository. The same config file we will find in our crx-quickstart folder under directory launchpad
\crx-quickstart\launchpad\config\org\apache\sling\engine\impl\auth
in this file if you see there is some value assign to property sling.auth.anonymous.user then make it empty like sling.auth.anonymous.user=""

Sample SlingAuthenticator.config file