*INFO* [0:0:0:0:0:0:0:1 [1402592178132] GET / HTTP/1.1] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
*INFO* [0:0:0:0:0:0:0:1 [1402592178132] GET / HTTP/1.1] org.apache.sling.auth.core.impl.SlingAuthenticator handleLoginFailure: Unable to authenticate anonymous user: Login Failure: all modules ignored
AEM login page forbidden
Resolution:Step 1: Under the configuration "Apache Sling Authentication Service" verify the entry of login page in property Authentication Requirements (sling.auth.requirements) set with minus symbol [-/libs/granite/core/content/login]. If you found the correct entry then check the second step.
Step 2: We have another property sling.auth.anonymous.user under the same configuration. Somehow this property has been updated hence the system is unable to open the login page which should be accessible to anonymous users.
Explanation of sling.auth.anonymous.user property; it defines which user name to assume for anonymous requests, that is requests not providing credentials supported by any of the registered authentication handlers. If this property is missing or empty, the default is assumed which depends on the resource provider(s). Otherwise anonymous requests are handled with this user name. If the configured user name does not exist or is not allowed to access the resource data, anonymous requests may still be blocked. If anonymous access is not allowed, this property is ignored.
But since, we are unable to login to the AEM, and without login, we cant access the Felix console(config manager). Hence we will update the config from the crx-quickstart repository. The same config file we will find in our crx-quickstart folder under directory launchpad
\crx-quickstart\launchpad\config\org\apache\sling\engine\impl\auth
in this file if you see there is some value assign to property sling.auth.anonymous.user then make it empty like sling.auth.anonymous.user=""
Sample SlingAuthenticator.config file
:org.apache.felix.configadmin.revision:=L"2"
auth.annonymous=B"false"
auth.http="preemptive"
auth.http.realm="Sling\ (Development)"
auth.sudo.cookie="sling.sudo"
auth.sudo.parameter="sudo"
auth.uri.suffix=[ \
"/j_security_check", \
]
service.pid="org.apache.sling.engine.impl.auth.SlingAuthenticator"
sling.auth.anonymous.user=""
sling.auth.requirements=[ \
"+/", \
"-/libs/granite/core/content/login", \
"-/etc.clientlibs", \
"-/etc/clientlibs/granite", \
"-/libs/dam/remoteassets/content/loginerror", \
]
:org.apache.felix.configadmin.revision:=L"2"
auth.annonymous=B"false"
auth.http="preemptive"
auth.http.realm="Sling\ (Development)"
auth.sudo.cookie="sling.sudo"
auth.sudo.parameter="sudo"
auth.uri.suffix=[ \
"/j_security_check", \
]
service.pid="org.apache.sling.engine.impl.auth.SlingAuthenticator"
sling.auth.anonymous.user=""
sling.auth.requirements=[ \
"+/", \
"-/libs/granite/core/content/login", \
"-/etc.clientlibs", \
"-/etc/clientlibs/granite", \
"-/libs/dam/remoteassets/content/loginerror", \
]
No comments:
Post a Comment
If you have any doubts or questions, please let us know.