You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by JCR <jc...@proxymit.net> on 2013/07/04 23:49:34 UTC
Problem with form based authentication
Hi all,
I'm about to switch to form based authentication for some of my sites.
I deployed the org.apache.sling.auth.form bundle in version 1.0.2 as I
believe that later versions are not compatible with CRX 2.2.
After some config, the login form pops up and sends the two required
fields j_username and j_password. Unfortunately, the request gets never
approved. Instead, the error.log says the following:
... org.apache.sling.auth.core.impl.SlingAuthenticator
handleLoginFailure: Unable to authenticate jurg: null
Most likely, this is generated by SlingAuthenticator.handleLoginFailure():
} else if (reason instanceof LoginException) {
// request authentication information and send 403 (Forbidden)
// if no handler can request authentication information.
log.info("handleLoginFailure: Unable to authenticate {}: {}", user,
reason.getMessage());
This now raises the following questions:
- using basic authentication, login with the same credentials works fine. So what's keeping form based authenticator from verifying the credentials properly?
- what causes the reason to be empty?
Thanks for any hint,
Juerg
Re: Problem with form based authentication
Posted by Antonio Sanso <as...@adobe.com>.
Hi Juerg,
do you have the full stacktrace?
regards
antonio
On Jul 4, 2013, at 11:49 PM, JCR wrote:
> Hi all,
>
> I'm about to switch to form based authentication for some of my sites.
>
> I deployed the org.apache.sling.auth.form bundle in version 1.0.2 as I
> believe that later versions are not compatible with CRX 2.2.
>
> After some config, the login form pops up and sends the two required
> fields j_username and j_password. Unfortunately, the request gets never
> approved. Instead, the error.log says the following:
>
> ... org.apache.sling.auth.core.impl.SlingAuthenticator
> handleLoginFailure: Unable to authenticate jurg: null
>
> Most likely, this is generated by SlingAuthenticator.handleLoginFailure():
>
> } else if (reason instanceof LoginException) {
>
> // request authentication information and send 403 (Forbidden)
> // if no handler can request authentication information.
> log.info("handleLoginFailure: Unable to authenticate {}: {}", user,
> reason.getMessage());
>
>
> This now raises the following questions:
>
> - using basic authentication, login with the same credentials works fine. So what's keeping form based authenticator from verifying the credentials properly?
> - what causes the reason to be empty?
>
> Thanks for any hint,
> Juerg
>
Fwd: Problem with form based authentication
Posted by JCR <jc...@proxymit.net>.
A follow up on this.
It works meanwhile, but the "solution" is a workaround nobody can get
really happy...
I finally installed version 1.0.0. However, it only works when there is
no assiated configuration with it.
Looks like it falls back to some factory standard that leave the bundle
work properly. WITH a config file, form based authentication handler
will react in the manner described below.
Now, as I really wish to set some specific configuration for several
reasons, does anybody has an idea how to solve this or perhaps how it
could be debugged?
Thanks,
Juerg
-------- Original Message --------
Subject: Problem with form based authentication
Date: Thu, 04 Jul 2013 23:49:34 +0200
From: JCR <jc...@proxymit.net>
Reply-To: dev@sling.apache.org
To: dev@sling.apache.org
Hi all,
I'm about to switch to form based authentication for some of my sites.
I deployed the org.apache.sling.auth.form bundle in version 1.0.2 as I
believe that later versions are not compatible with CRX 2.2.
After some config, the login form pops up and sends the two required
fields j_username and j_password. Unfortunately, the request gets never
approved. Instead, the error.log says the following:
... org.apache.sling.auth.core.impl.SlingAuthenticator
handleLoginFailure: Unable to authenticate jurg: null
Most likely, this is generated by SlingAuthenticator.handleLoginFailure():
} else if (reason instanceof LoginException) {
// request authentication information and send 403 (Forbidden)
// if no handler can request authentication information.
log.info("handleLoginFailure: Unable to authenticate {}: {}", user,
reason.getMessage());
This now raises the following questions:
- using basic authentication, login with the same credentials works fine. So what's keeping form based authenticator from verifying the credentials properly?
- what causes the reason to be empty?
Thanks for any hint,
Juerg