-
Task
-
Resolution: Fixed
-
Critical
-
None
-
None
-
-
Yes
-
Yes
-
AdminX 1, AdminX 2
-
8
Login to a subscription -> logout -> login again leads to a too many redirections error
After debugging this problem I discovered that 2 different behaviors are happening based on the following use cases:
- When the user is not a member of the subscription-owners Okta group, like our internal users (for example mine, ruben.martin@magnolia-cms.com), the login after logging out works fine and involves the following requests:
  - https://id.magnolia-cloud.com/login/step-up/redirect?stateToken=00AaC5K9hqXO-EPANVVtu3Vgc_AUoijbLo4rkiJvfQ
  - https://author-oawk5s5aiwgktly8.saas.magnolia-cloud.com/.auth?client_name=OidcClient&code=HLEmuFtW8G-AF6h6-2wHuYie4y845ElaiwUcYNHuaJA&state=9c07f280b6
  - https://author-oawk5s5aiwgktly8.saas.magnolia-cloud.com/.magnolia/admincentral
- When the user is a member of the subscription-owners Okta group, for example the ones that @Edwin and @Alberto are using, the login after logging out DOESN'T work and involves the following requests:
  - https://id.magnolia-cloud.com/login/step-up/redirect?stateToken=00Oe7AJPw3kfClx9IW1u6MUjUXR3fU7KLoc9n935qk
  - https://author-oawk5s5aiwgktly8.saas.magnolia-cloud.com/.auth?client_name=OidcClient&code=cYYwcBxZMrWo3KM_iHjOIcC2djYO3vMYxoSxiI3ZsRQ&state=32676da0f5
  - https://author-oawk5s5aiwgktly8.saas.magnolia-cloud.com/.magnolia/admincentral?code=cYYwcBxZMrWo3KM_iHjOIcC2djYO3vMYxoSxiI3ZsRQ&state=32676da0f5&client_name=OidcClient
  - https://id.magnolia-cloud.com/oauth2/auso366be8ws5S3sc416/v1/authorize?scope=openid+profile+email&response_type=code&redirect_uri=https%3A%2F%2Fauthor-oawk5s5aiwgktly8.saas.magnolia-cloud.com%2F.auth%3Fclient_name%3DOidcClient&state=16795b6960&code_challenge_method=S256&client_id=0oa1aob2otaEWuxXX417&code_challenge=Un7hjUrC8e-la8lSaDFhcFhKTcQdVc9yq1xcDO2RTS8
  - https://author-oawk5s5aiwgktly8.saas.magnolia-cloud.com/.auth?client_name=OidcClient&code=PM03YL4R2efvw1yNHKlFwBgeBCNoKKvzlgzU-ZdHVGs&state=16795b6960
  - https://author-oawk5s5aiwgktly8.saas.magnolia-cloud.com/.magnolia/admincentral?code=PM03YL4R2efvw1yNHKlFwBgeBCNoKKvzlgzU-ZdHVGs&state=16795b6960&client_name=OidcClient
  - https://id.magnolia-cloud.com/oauth2/auso366be8ws5S3sc416/v1/authorize?scope=openid+profile+email&response_type=code&redirect_uri=https%3A%2F%2Fauthor-oawk5s5aiwgktly8.saas.magnolia-cloud.com%2F.auth%3Fclient_name%3DOidcClient&state=a3713e4d98&code_challenge_method=S256&client_id=0oa1aob2otaEWuxXX417&code_challenge=udKkjKIuN7aolB6TqRdJjnXes22OSQmgZMNoxSssBys
  - ... and so on until getting the too many redirections error
Consolidated additional info from the previous related ticket https://jira.magnolia-cms.com/browse/MGNLSSO-87
- We noticed this issue in our own cloud first, and then in the following Okta forum post: https://devforum.okta.com/t/magnolia-sso-single-sign-on-with-okta-too-many-redirects/18031
- Also, the following commit helped to avoid the issue right after logout: https://git.magnolia-cms.com/projects/ENTERPRISE/repos/magnolia-sso/commits/a7698bbf1fe17e361456aac3b8a8d9caa5487d90
- The problem still happened when the Magnolia session expired, which is why we aligned the sessions, increasing Magnolia's up to 2 hours.
- Which unfortunately still didn't fix the issue completely.
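
The two request traces above differ in observable ways that can be checked mechanically from a captured redirect chain (browser HAR export or proxy log). The following is an added example, not code from the ticket or from the magnolia-sso module; the function name `analyze_chain`, the hosts and all parameter values are constructed placeholders. It only classifies the pattern and does not identify the cause.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample chains modelled on the two traces above; hosts and
# parameter values are placeholders, not values from the ticket.
WORKING = [
    "https://idp.example/login/step-up/redirect?stateToken=T1",
    "https://app.example/.auth?client_name=OidcClient&code=C1&state=S1",
    "https://app.example/.magnolia/admincentral",
]
LOOPING = [
    "https://idp.example/login/step-up/redirect?stateToken=T2",
    "https://app.example/.auth?client_name=OidcClient&code=C2&state=S2",
    "https://app.example/.magnolia/admincentral?code=C2&state=S2&client_name=OidcClient",
    "https://idp.example/oauth2/AS/v1/authorize?response_type=code&state=S3",
    "https://app.example/.auth?client_name=OidcClient&code=C3&state=S3",
    "https://app.example/.magnolia/admincentral?code=C3&state=S3&client_name=OidcClient",
    "https://idp.example/oauth2/AS/v1/authorize?response_type=code&state=S4",
]


def analyze_chain(urls, callback_path="/.auth"):
    """Summarise an OIDC redirect chain captured from a browser or proxy."""
    leaked_on = []   # non-callback paths that still carry code= and state=
    callbacks = 0    # hits on the OIDC callback endpoint
    reauth = 0       # authorize requests issued after a callback was handled
    for url in urls:
        parts = urlsplit(url)
        query = parse_qs(parts.query)
        if parts.path == callback_path:
            callbacks += 1
        elif parts.path.endswith("/authorize"):
            if callbacks:
                reauth += 1
        elif "code" in query and "state" in query:
            # Callback parameters forwarded to an application URL, as in
            # the failing trace (admincentral?code=...&state=...).
            leaked_on.append(parts.path)
    # Two or more authorize round trips after a callback means the login
    # never settles, which the browser reports as too many redirects.
    return {"leaked_on": leaked_on, "reauthorizations": reauth, "loop": reauth >= 2}


if __name__ == "__main__":
    for name, chain in (("working", WORKING), ("looping", LOOPING)):
        print(name, analyze_chain(chain))
```
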
- is related to
  - MGNLSSO-87 Infinite loop with Okta (Closed)
  - MGNLSSO-98 Inconsistent behaviour after "Connection lost. Trying to reconnect..." message (Closed)
- relates to
  - MAGNOLIA-8282 Bootstrapped role cannot be assigned right after in startup tasks (Closed)
  - MGNLSSO-26 Look into using a securityCallback (Closed)
  - MGNLSSO-93 URI permission conflict for anonymous role (Closed)
  - DOCU-2369 Add note to SSO module page (Closed)