Redirect error when trying to login as administrator


adam.b...@uk.coop

Nov 27, 2017, 6:01:24 AM
to SimpleSAMLphp
Hi.

I've installed simplesaml as normal on a server and am currently trying to configure it. I've changed the admin password, added a secret salt and the database connection is currently set to phpsession, which I will change once simplesaml has been tested. I am trying to add idp values now and I need to log in as administrator to use the metadata converter, but as soon as I click on login as administrator I am prompted with a screen that says 'the page isn't working and you were redirected too many times'. I'm not an expert with simplesaml and it's the first time I'm really using it. Any kind of help is welcome.

Thanks in advance

Peter Schober

Nov 27, 2017, 6:44:18 AM
to SimpleSAMLphp
* adam.b...@uk.coop <adam.b...@uk.coop> [2017-11-27 12:01]:
> I've installed simplesaml as normal on a server and currently trying to
> configure it. I've changed the admin password, added a secret salt and the
> database connection is currently set to phpsession, which I will change
> once simplesaml has been tested.

What "database connection" do you refer to here? There's nothing that
needs changing in a default install and php sessions will be used by
default.

> I am trying to add idp values now and I need to login as
> administrator to use the metadata converter

So you're trying to build a SAML SP and you're trying to add SAML IDPs
(is that what "add[ing] idp values" means)?

While you can do that, that doesn't scale well, as every party to the
exchange would need to manually add the other party, too.

Also I think you should be able to use the metadata converter from the
command line, not only from the admin web UI.

> but as soon as I click on login as administrator I am prompted with
> a screen that says 'the page isn't working and you were redirected
> too many times'. I'm not an expert with simplesaml and it's the
> first time I'm really using it. Any kind of help is welcome.

That message is not from SimpleSAMLphp, but from your web browser.
No one else will know why your browser is looping; you'll need to look
at the cookies that are trying to be set and figure out why the
browser doesn't accept them.
Likely something to do with http vs. https and/or the baseurlpath
and/or the vhost/hostname not being correct.

You didn't supply any details either, e.g. the browser-visible
hostname of the server, the baseurlpath setting you're trying to use,
whether you've set HTTP Cookies to be marked "secure", etc.

-peter

adam.b...@uk.coop

Nov 27, 2017, 8:03:08 AM
to SimpleSAMLphp
Hi Peter.

The part about the database connection is to do with a Drupal 7 website I'm working with. It was added in by mistake so please ignore.

A simplesaml configuration was done previously on an AWS instance and I am trying to replicate the work done by the previous developers on a new instance. The developers provided me with a manual to follow to configure simplesaml correctly and I'm trying to convert some metadata using the converter, but to do so I need to be logged in as admin, which is where I get the redirect loop. The baseurlpath is set to simplesaml/ and the hostname was also added in the vhosts.conf file.
With this setup being done previously on another AWS instance, would I need to change the cookie names within the config file?

Again I'm not an expert in any way and I'm using simplesaml for the first time.

Thanks in advance

Peter Schober

Nov 27, 2017, 9:55:26 AM
to SimpleSAMLphp
* adam.b...@uk.coop <adam.b...@uk.coop> [2017-11-27 14:03]:
> I get the redirect loop. The baseurlpath is set to simplesaml/ and
> the hostname was also added in the vhosts.conf file. With this
> setup being done previously on another AWS instance would I need to
> change the cookie names within the config file?

Sadly this adds nothing that would allow anyone else to help you to
debug your problem. (And vhosts.conf doesn't even tell me what
software it is meant for, let alone whether its content matches the
hostname and schema and port the web browser is seeing.)

TL;DR: You have a loop. That usually means HTTP Cookies are not set
successfully, or some other fundamental misconfiguration wrt hostname,
schema, port and/or the "secure" flag.
Try Firefox's Live Headers extension (or anything else that shows HTTP
Request and Response headers) and look at the responses, esp. Cookie
and Location headers.

-peter
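
The header inspection suggested in the last reply, as an added example that is not part of the original thread: a Python function that walks a recorded redirect chain and flags the Set-Cookie and Location conditions named above (the "secure" flag over http, a cookie Domain that does not match the host, a change of scheme, host or port, and a repeated URL). The hostname `sp.example.org`, the paths under `/simplesaml/`, the cookie name `SESSIONCOOKIE` and the trace itself are constructed sample data, not output from the poster's server.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, urljoin

def diagnose(hops):
    """hops: [(request_url, status, [(header_name, value), ...]), ...] in browser order."""
    findings, seen = [], set()
    for url, status, headers in hops:
        req = urlsplit(url)
        host = (req.hostname or "").lower()
        if url in seen and 300 <= status < 400:
            findings.append(f"loop: {url} requested again and redirected again")
        seen.add(url)
        for name, value in headers:
            if name.lower() == "set-cookie":
                jar = SimpleCookie()
                jar.load(value)
                for cname, morsel in jar.items():
                    # A Secure cookie is never returned over plain http.
                    if morsel["secure"] and req.scheme != "https":
                        findings.append(f"cookie {cname}: Secure flag set on an http:// response")
                    # Browsers reject a Domain attribute that does not cover the request host.
                    domain = morsel["domain"].lstrip(".").lower()
                    if domain and host != domain and not host.endswith("." + domain):
                        findings.append(f"cookie {cname}: Domain={domain} does not match host {host}")
            elif name.lower() == "location":
                target = urlsplit(urljoin(url, value))  # resolves relative redirects
                if (target.scheme, target.netloc) != (req.scheme, req.netloc):
                    findings.append(f"redirect: {req.scheme}://{req.netloc} -> "
                                    f"{target.scheme}://{target.netloc}")
    return findings

# Constructed trace: the session cookie is marked Secure but the site is served over
# http, so the cookie never comes back and the admin page redirects to login forever.
ADMIN = "http://sp.example.org/simplesaml/admin-page"   # placeholder path
LOGIN = "http://sp.example.org/simplesaml/login-page"   # placeholder path
COOKIE = ("Set-Cookie", "SESSIONCOOKIE=abc123; path=/; secure; HttpOnly")
SAMPLE_TRACE = [
    (ADMIN, 302, [COOKIE, ("Location", LOGIN)]),
    (LOGIN, 302, [("Location", ADMIN)]),
    (ADMIN, 302, [COOKIE, ("Location", LOGIN)]),
]

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_TRACE):
        print(finding)
```

The hop list can be filled in by hand from the browser's network tab or from any tool that prints request and response headers.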