7 Replies Latest reply on Apr 6, 2018 1:18 PM by Jörg Hoh

    Apache 2.2 SSL Proxy for AEM 6.3.1.2 Author -- Can't Login

    thisthatheotter Level 1

      I have an AEM 6.3.1.2 author instance configured to authenticate either locally or with LDAP. Both authentication methods work on my local machine via localhost:4502, and when moved to the Apache host and accessed with its port number :4502 -- hostname:4502, when I access it on the Apache host via the SSL proxy, I can't login with either local (admin account) or LDAP authentication.

       

      I tried adding hostname to the referrer filter configMgr setting as well as selecting "allow empty" -- neither affected the behavior.

       

      Login page loads with SSL but login fails.

       

      load login page -

       

      30.03.2018 09:26:36.190 *INFO* [qtp1289250881-9193] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials

       

      30.03.2018 09:26:36.426 *WARN* [5.6.7.8 [1522416396423] GET /libs/granite/core/content/login.html HTTP/1.1] libs.granite.core.components.login.login$jsp j_reason param value 'unknown' cannot be mapped to a valid reason message: ignoring

       

      30.03.2018 09:26:37.142 *INFO* [qtp1289250881-9195] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials

       

      try to login -

       

      30.03.2018 09:26:51.623 *INFO* [qtp1289250881-9193] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials

       

      30.03.2018 09:26:51.992 *INFO* [qtp1289250881-3471] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials

       

       

      My VirtualHost looks like this (in main httpd.conf)

       

      NameVirtualHost 1.2.3.4:443

       

      <VirtualHost 1.2.3.4:443>

       

      ServerName hostname

       

      RewriteEngine On

      SSLProxyEngine On

       

      RewriteCond %{HTTPS} off

      RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

       

      ProxyPass / http://hostname:4502/

      ProxyPassReverse / hostname:4502/

       

      SSLEngine on

       

      SSLCertificateFile /etc/pki/tls/certs/xyz.crt

      SSLCertificateKeyFile /etc/pki/tls/private/xyz.key

      SSLCertificateChainFile /etc/pki/tls/certs/xyz.crt

       

      </VirtualHost>

       

      The response headers look more or less the same when I access via port and it works vs. via the SSL proxy and it does not work ... except in the proxied connection I see a few redirects to SSL, I also see a 302 for /libs/granite/csrf/token.json to http://hostname/libs/granite/core/content/login.html?resource=%2Flibs%2Fgranite%2Fcsrf%2Ft oken.json&$$login$$=%24%24login%24%24&j_reason=unknown&j_reason_code=unknown ... no https not sure if that's a clue ...

       

      Thanks for any info on what the log means and how I might resolve.