- How to disable Link Checker or configure to mark links as valid in AEM
- Adobe Campaign: Queries against tsEvent take a long time
- How to reset the truststore in AEM
- Audience creation options
- How to look up Launch Darkly flags?
- “User name and password do not match” on login
- Adobe Campaign Standard: File Fails to upload if email entries contain “double”
- How to reset the admin password in AEM 6.3
- AEM redirects user back to http when accessed through SSL/TLS terminated Load Balancer | AEM
- Adobe Campaign: Is TLS 1.3 Supported?
- The Non-Apple SSO TV Provider Authentication Flow
- How to confirm if an MVPD is enabled for Apple SSO
- Change the minification engine for client libraries in AEM
- Adobe Campaign Standard: Can a collection within a collection be used within a JSON payload
- Error: Unable to parse expression ‘@registrationToken’
- How to debug client-side issues in the AEM Touch UI or Classic UI
- How to optimize Oak Lucene indexes to reduce indexing time
- Fix Inconsistencies in the repository when SegmentNotFound Issue is reported in AEM 6.x
- Marketing Channel Instances on Custom Links
- How to set the Oak login token session expiration
- Generating the missing renditions for AEM Assets
- SegmentNotFoundException and IllegalArgumentException
- How to delete the dispatcher cache without logging into to the Dispatcher server | AEM 6.x
- How to force a recompilation of all Sling scripts jsps, java, and sightly in AEM 6.4
- ACC: Workflow best practices - Configuration and monitoring
- Adobe Campaign: BAS-010015 Cannot open file error causing “DeliveryParts” failure
- How to enable secure cookies in AEM
- “Response is committed” error during page load in AEM6.x
- Adobe Campaign Standard: API updates to profiles and services are not being reflected
- Audience Manager to Campaign
- Adobe Campaign Standard: Imported File Transfer activities cannot change external account
- How to block IP addresses at the Apache HTTP Server level?
- Check and analyze if JCR session leaks in your AEM instance
- SAML IDP POST to /saml_login URL returns 403 response
- Permission denied error from java.io.File.createTempFile
- Discover and Build Audiences
- AEM Thread Dump Analysis
- javax.jcr.NamespaceException: Unknown namespace prefix error in AEM
- How can I confirm if SSO is enabled or disabled for my Channel?
- Publishing of references broken on Touch UI
- DRM Error 3324 MachineTokenInvalid Sub Error Code = 111
- How to capture SSAI and Original Manifests Simultaneously
- Adobe Campaign Standard: Substitution of address for transactional messages
- Migrate users, groups, and ACLs between AEM instances
- How to clone a TarMK instance in AEM
- Adobe Primetime Authentication - Most frequently used terms
- How to reindex a synchronous AEM index | AEM, Oak
- How to run a datastore consistency check via oak-run
AEM redirects user back to http when accessed through SSL/TLS terminated Load Balancer | AEM
Description
When accessing AEM through an SSL terminated Load Balancer (or SSL terminated CDN), then AEM redirects back from https to http.
SSL termination at the load balancer means that the SSL certificates are installed in the load balancer. The end user accesses the site through https://, and the Dispatcher/Web Server and AEM are accessed on the back end with http://.
Cause
Different load balancers send different headers to notify the back end systems that SSL is terminated upstream. For example, Amazon ELB uses the header “X-Forwarded-Proto: https”.
Resolution
To fix the issue:
I. Update Dispatcher /clientheaders configuration
Refer to the documentation of your load balancer to find out which header it sets to notify downstream systems that it terminated SSL. For simplicity, in these steps we assume that the correct HTTP header is “X-Forwarded-Proto: https”
- Log in to the dispatcher server.
- Open the dispatcher farm .any configuration.
- Add the header to the /clientheaders section.
If you are using dispatcher without a load balancer or if your load balancer or proxy fails to set the X-Forwarded-Proto header, then you can set it at the web server or dispatcher level. If you are using Apache HTTP Server, then update your HTTPS VirtualHost with this directive:
| 1 | RequestHeader set X-Forwarded-Proto "https" |
|---|
II. Update the Header Configurations:
- Go to http://host:port/system/console/configMgr/org.apache.felix.http.sslfilter.SslFilter, and log in as administrator.
- Set SSL forward header to X-Forwarded-Proto.
- Set SSL forward value to https.
- Click Save.
Note:
There is no standard for reverse proxy headers that tell the back end which protocol is used. However, here are some that are known:
- Amazon ELB (Elastic Load Balancer) uses the “X-Forwarded-Proto: https” header.
- Amazon Cloudfront CDN uses “X-Cloudfront-Proto: https” header.
III. Update the Jetty OSGi Configuration (AEM 6.3 and later versions)
On AEM 6.3 and later versions there is an addition configuration required:
- Log in to http://aem-host:port/system/console/configMgr/org.apache.felix.http.
- Enable the setting Enable Proxy/Load Balancer Connection, and save it.
Resources on adobe.com
Resources
Adobe Account
