It goes through various layers like
* Filters (Ex:- Refferer Filter)
* sling authenticator handlers (You might have various login handler & based on passed parameters respective handlers get picked up )
* Global Acl setup
* CQ5 security
What is going on Can not be predicated with little information & it various. However following below tips you will find answer yourself.
1. Go to http://<host>:<port>/system/console/requests (Default is 20 request increase it if required)
2. Make a request from curl command
3. At 1. refresh the page & you will see get request for login. Click on it & will show you the details of all the handler & request it passed through.
4. Repeat 3 & 4 for a request from browser.
5. See if there is any difference between 3 & 4.
6. Based on your symptoms there should be difference & should give you hint what is going on.
7. Assume there is no difference then disable each component one by one that is part of login request. Then make a request from browser & will help to find where it get blocked.
If above steps find difficulty use http://sling.staging.apache.org/documentation/bundles/request-analysis.html and attach requesttracker.txt
"/system/console/requests" sounds like it should be a big help. Unfortunately, it's not working. It is recording requests (I can see the count changing), but only shows "Internal Server Error" in the list of recent requests.
Fortunately, the request analyzer osgi bundle and app does work, This should allow me to track down the offending request.
Thanks for the help