403 Authentication failed Message in AEM | Community
Skip to main content
akhilraj
akhilraj
New Participant
March 23, 2023

403 Authentication failed Message in AEM

  • March 23, 2023
  • 2 replies
  • 1932 views

Hi,

In AEM, after session time, we may get error message " Authentication Failed"

Can someone please let me know, from where this message is coming and is it possible to change the message.

 

 

 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

2 replies

akhilraj
akhilrajAuthor
New Participant
May 29, 2023

Sling implements a specific logic to return “Authentication Failed” when a user with invalid session request a page and Referrer Header has the same url as the page the user is visiting.

This functionality is required to avoid login loops.


That is why we are facing the issue when hitting the link of the current page.

Referrer header is sent by default when the user click on any link.

 

This behaviour can be modified by the attribute rel="noreferrer” in the HTML anchor tag.

Post this change, we are not getting the error message and it is working fine

 

Rohan_Garg
Rohan_Garg
New Participant
March 23, 2023

@akhilraj  - Can you attach the error logs when the error message is coming up ?

 

If you are trying to use a servlet via POST, try the below -

1. http://localhost:4502/system/console/configMgr

2. Search for 'Apache Sling Referrer Filter'

3. Remove POST method from the filter. Then you can call your POST method anywhere.

4. Select “Allow Empty”

 

You can also refer to the Dispatcher logs to check if any CSRF token was missing in the client headers for the POST request servlet.

https://webfuse.in/blogs/aem-upgrade-issues-403-error-when-accessing-aem-6-3-author-via-public-ip/

 

You can also refer the below URLs -

https://rashidjorvee.blogspot.com/2020/01/unable-to-access-aem-login-page.html

 

    akhilraj
    akhilrajAuthor
    New Participant
    March 24, 2023

    Actually, our site is working  with Azure SAML authentication.

    And we have a global navigation menu, in that we have home page link and logo which will redirect to same homepage.

     

    When user click on home page link from navigation or click on logo  once session is expired(without reloading the page), we are getting "Authentication  Error" message, and there will not be any other APIs, In network tab also we can see page link is 403.

     

    But after session time out, if the user is refreshing or reloading the page, we have SAML APIs triggering from site and new session will be established and not seeing this error.

     

      Rohan_Garg
      Rohan_Garg
      New Participant
      March 24, 2023

      @akhilraj - The issue seems to be with refresh tokens.

      Can you please check the below config & ensure token refresh is enabled ?

      http://aem-host:port/system/console/configMgr/org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl

       

      Please explore the below URL -

      https://helpx.adobe.com/in/experience-manager/kb/login-session-refresh-not-working.html

        Terms & ConditionsAccessibility statement

        Loading footer...