You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by JCR <jc...@proxymit.net> on 2013/08/22 22:30:04 UTC

Fwd: Problem with form based authentication

A follow up on this.
It works meanwhile, but the "solution" is a workaround nobody can get 
really happy...

I finally installed version 1.0.0. However, it only works when there is 
no assiated configuration with it.
Looks like it falls back to some factory standard that leave the bundle 
work properly. WITH a config file, form based authentication handler 
will react in the manner described below.

Now, as I really wish to set some specific configuration for several 
reasons, does anybody has an idea how to solve this or perhaps how it 
could be debugged?

Thanks,
Juerg


-------- Original Message --------
Subject: 	Problem with form based authentication
Date: 	Thu, 04 Jul 2013 23:49:34 +0200
From: 	JCR <jc...@proxymit.net>
Reply-To: 	dev@sling.apache.org
To: 	dev@sling.apache.org



Hi all,

I'm about to switch to form based authentication for some of my sites.

I deployed the org.apache.sling.auth.form bundle in version 1.0.2 as I
believe that later versions are not compatible with CRX 2.2.

After some config, the login form pops up and sends the two required
fields j_username and j_password. Unfortunately, the request gets never
approved. Instead, the error.log says the following:

      ... org.apache.sling.auth.core.impl.SlingAuthenticator
handleLoginFailure: Unable to authenticate jurg: null

Most likely, this is generated by SlingAuthenticator.handleLoginFailure():

	} else if (reason instanceof LoginException) {

              // request authentication information and send 403 (Forbidden)
              // if no handler can request authentication information.
              log.info("handleLoginFailure: Unable to authenticate {}: {}", user,
                  reason.getMessage());


This now raises the following questions:

- using basic authentication, login with the same credentials works fine. So what's keeping form based authenticator from verifying the credentials properly?
- what causes the reason to be empty?

Thanks for any hint,
Juerg