No landing page, keeps looping back to log in page after successful log in

[Li Ma]

Hi I would be eternally grateful if anybody can help with this:

I followed the installation guide and got the latest version 3.11.0 running

The login page displays correctly. I hooke NEMO up to a LDAP server and nemo reports successful log in via LDAP. The LDAP server reports the same.

However, even after a successful log in, I keep getting looped back to the log in page.

Any ideas?

Is there anything that I need to do afterwards to set up the landing page, that is not documented in the installation guide? Have I missed a trick here?

Thanks so much!

[Mathieu Rampant]

Hi,

That's a bit strange. Just to be sure, can you please double check that in settings.py you have 'django.contrib.sessions', in INSTALLED_APPS and that you have 'django.contrib.sessions.middleware.SessionMiddleware', in MIDDLEWARE

Also, did you create a superuser with the same username (using django-admin createsuperuser) prior to logging in?

Good luck,

Mathieu

--
You received this message because you are subscribed to the Google Groups "nemo" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nemo+uns...@list.nist.gov.
To view this discussion on the web visit https://groups.google.com/a/list.nist.gov/d/msgid/nemo/7ecb92f5-aa03-41e6-b22a-169e879ed10fn%40list.nist.gov.

[Li Ma]

Hi Mathieu,

Thanks - both are present in my settings.py.

I suppose there are no other config files that I need to compose (such as one similar to splash_pad.json) before getting to the landing page?

Thanks, Li

[Li Ma]

... oh and yes I did create a superuser.

[Mathieu Rampant]

Thank you.

May I ask how you installed NEMO? 

Are you using a packaged version? (docker image or pip install) 

or are you running the code from Github with Pycharm?

The next step would be to post your settings.py (without the secret key, db or ldap sensitive info) so I can take a look.

Thanks,

Mathieu

[Li Ma]

Hi Mathieu,

Thanks.

I installed a packaged version, from Docker hub - nanofab/nemo:3.11.0, together with nanofab/nginx:2.6.0

After setting up the folder structure, I crafted the settings.py and nginx.conf files, both attached.

I then collected static files, created the database and the superuser:

docker run --interactive --tty --volume /home/captain/nemo:/nemo nanofab/nemo:3.11.0 django-admin collectstatic --no-input --clear

docker run --interactive --tty --volume /home/captain/nemo3/nemo:/nemo nanofab/nemo:3.11.0 bash -c "django-admin makemigrations NEMO && django-admin migrate"

docker run --interactive --tty --volume /home/captain/nemo3/nemo:/nemo nanofab/nemo:3.11.0 django-admin createsuperuser

I then used docker-compose to start the containers, YAML file attached.

I was then able to visit the webpage from another machine on the same domain:

I then proceeded to log in, with user name and password set on the LDAP server. The following log appears from NEMO:

nemo     | [06/Jul/2021 22:58:33] NEMO.views.authentication DEBUG User captain exists in the database and is active.

nemo     | [06/Jul/2021 22:58:33] NEMO.views.authentication DEBUG User captain was successfully authenticated with LDAP (ldap.subdomain.domain.com)

This success is confirmed by the log on the LDAP server side. Both the full NEMO log starting from when the container was started, and the logs from LDAP over the successful authentication are attached.

However, the browser quickly refreshes and simply returns the same page, as given in the screenshot above. The actual address as shown in the address bar is:

http://nemo.subdomain.domain.com/login/?next=/

Note that in all files attached sensitive info has been replaced, where: the superuser is 'captain', the LDAP server is on ldap.subdomain.domain.com, the NEMO server is on nemo.subdomain.domain.com

I crafted the LDAP section of settings.py by reading the source code authentication.py, in order to figure out which properties should be set.

In addition, I have previously used your nemo-compose.zip file, successfully reaching the landing page and was able to access all/most features of NEMO. However the version in that file was 1.1.12 (I recall). Having had success I was simply trying to deploy the latest version, where this loop-back problem occurred.

I hope that I have tried to include enough details, please do shout if you need more info.

Many thanks,

Li

[Mathieu Rampant]

Hi Li,

It's working fine with your settings and my ldap server.

You should remove the "proxy_set_header Authorization captain;" in nginx.conf since you are not forcing the login as captain anymore (you are using ldap).

Can you try creating a superuser with username "einstein", and using the following ldap parameters:

LDAP_SERVERS = [

  {
    'url': 'ldap.forumsys.com',

    'port': 389,

    'use_ssl': False,

    'bind_as_authentication': False,

    'base_dn': 'dc=example,dc=com',

  },

]

This is a test ldap available on the internet. username is "einstein" and password is "password"

This way we rule out a potential LDAP misconfiguration.

Mathieu

[Li Ma]

Hi Mathieu,

Thanks. I have:

(1) Removed the line you suggested in nginx.conf.

(2) Added the test LDAP server as you suggested.

I restarted the containers after each action and tested the login. The same thing happens. I get looped back onto the log-in page, with no error messages / banner.

The nemo log shows:

nemo     | [07/Jul/2021 22:05:58] NEMO.views.authentication DEBUG User einstein exists in the database and is active.

nemo     | [07/Jul/2021 22:06:00] NEMO.views.authentication DEBUG User einstein was successfully authenticated with LDAP (ldap.forumsys.com)

I guess the rules out an LDAP msiconfig?

Is there any way of enabling more log to trace where things have gone wrong?

Many thanks,

Li

[Mathieu Rampant]

Hi Li,

When accessing from outside the server (non-localhost) you cannot use SESSION_COOKIE_SECURE = True unless you have a SSL Certificate installed.

Set SESSION_COOKIE_SECURE = False until you have a SSL Certificate installed.

Thanks,
Mathieu

[Li Ma]

Hi Mathieu,

That solves it. I can see the landing page now.

Thanks a million! I am trialing NEMO for my organisation. Will let you know how it goes.

Li

[Mathieu Rampant]

Hi Li,

No problem. Feel free to reach out again with any questions!

Mathieu