XNAT 1.7.2 : redirection issue on first login

[MarkC]

Hi,

I realise that others have reported having problems with XNAT 1.7 into an infinite redirection loop when logging in for the first time with an admin account, but I couldn't see a relevant solution plus my setup is a bit unusual. I tend to run my test instances of XNAT as virtual machines that NAT via the physical host (the VMs don't even have a DNS entry), and this has worked perfectly with XNAT 1.6.x. I've now tried installing 1.7.2 for the first time, and I get the dreaded "This page isn't redirecting properly" via the browser. I should say that I'm using a Centos 7 VM, with Tomcat 7 and have tried both Sun Java 7 and 8, with same result. The login attempt is apparently successful according the the ${xnat.home}/logs/access.log.  The security.log file has a pile of entries of the form:

2017-02-28 12:18:56,140 [http-bio-8443-exec-7] WARN  org.nrg.xnat.security.XnatInitCheckFilter - Admin user admin has logged into the uninitialized server and is being redirected to https://a.b.c.d:4443/xnat/setup

Note that the host a.b.c.d is the FQDN of the physical host that hosts the VMs, and for this instance port 4443 is redirected by VirtualBox to port 8443 on the VM. Hence, this looks sensible to me, and has worked fine with many 1.6.x instances. If we now look in /var/log/tomcat/localhost_access_log then we can see the redirects being recorded:

<snip>

10.0.2.2 - - [28/Feb/2017:12:37:10 +0000] "GET /xnat/scripts/xmodal-v1/loading_bar.gif HTTP/1.1" 200 6610

10.0.2.2 - - [28/Feb/2017:12:40:42 +0000] "POST /xnat/login HTTP/1.1" 302 -

10.0.2.2 - - [28/Feb/2017:12:40:42 +0000] "GET /xnat/setup HTTP/1.1" 302 -

10.0.2.2 - - [28/Feb/2017:12:40:43 +0000] "GET /xnat/setup HTTP/1.1" 302 -

10.0.2.2 - - [28/Feb/2017:12:40:43 +0000] "GET /xnat/setup HTTP/1.1" 302 -

10.0.2.2 - - [28/Feb/2017:12:40:44 +0000] "GET /xnat/setup HTTP/1.1" 302 -

10.0.2.2 - - [28/Feb/2017:12:40:44 +0000] "GET /xnat/setup HTTP/1.1" 302 -

10.0.2.2 - - [28/Feb/2017:12:40:45 +0000] "GET /xnat/setup HTTP/1.1" 302 -

10.0.2.2 - - [28/Feb/2017:12:40:45 +0000] "GET /xnat/setup HTTP/1.1" 302 -

10.0.2.2 - - [28/Feb/2017:12:40:45 +0000] "GET /xnat/setup HTTP/1.1" 302 -

10.0.2.2 - - [28/Feb/2017:12:40:46 +0000] "GET /xnat/setup HTTP/1.1" 302 -

10.0.2.2 - - [28/Feb/2017:12:40:46 +0000] "GET /xnat/setup HTTP/1.1" 302 -

10.0.2.2 - - [28/Feb/2017:12:40:46 +0000] "GET /xnat/setup HTTP/1.1" 302 -

10.0.2.2 - - [28/Feb/2017:12:40:47 +0000] "GET /xnat/setup HTTP/1.1" 302 -

10.0.2.2 - - [28/Feb/2017:12:40:47 +0000] "GET /xnat/setup HTTP/1.1" 302 -

10.0.2.2 - - [28/Feb/2017:12:40:47 +0000] "GET /xnat/setup HTTP/1.1" 302 -

10.0.2.2 - - [28/Feb/2017:12:40:47 +0000] "GET /xnat/setup HTTP/1.1" 302 -

10.0.2.2 - - [28/Feb/2017:12:40:48 +0000] "GET /xnat/setup HTTP/1.1" 302 -

10.0.2.2 - - [28/Feb/2017:12:40:48 +0000] "GET /xnat/setup HTTP/1.1" 302 -

10.0.2.2 - - [28/Feb/2017:12:40:49 +0000] "GET /xnat/setup HTTP/1.1" 302 -

10.0.2.2 - - [28/Feb/2017:12:40:49 +0000] "GET /xnat/setup HTTP/1.1" 302 -

10.0.2.2 - - [28/Feb/2017:12:40:49 +0000] "GET /xnat/setup HTTP/1.1" 302 -

I've tried uncommenting the <Manager pathname="" /> entry in /etc/tomcat/context.xml, but to no avail. I'd be extremely grateful for any solutions that people may have to offer.

TIA,

Mark

[MarkC]

Well knock me down with a feather and call me Susan! In an act of desperation I moved the installation to be ROOT.war rather than xnat.war in /var/lib/tomcat/webapps, and it burst into life. Hence, as long as the URL is https://a.b.c.d:4443/ as opposed to  https://a.b.c.d:4443/xnat/, then the redirection problem disappears. Now, would anyone like to venture as to why?

Best regards,

Mark

[Zihao ZHU]

Thank you so much! You saved me. The redirection problem disappears as i moved the xnat.war to ROOT.war. But i'm still confused

在 2017年2月28日星期二 UTC+8下午10:59:57，MarkC写道：

[Herrick, Rick]

There was a bug in the security layer where the app context somehow got dropped when checking whether pages were part of the setup. Basically, during initialization, the app would redirect you to http://server/xnat/setup, then check to see whether that was a page you’re allowed to go to before the system was initialized. The problem is that it would test /xnat/setup against /setup and say nope, that’s not a valid page, you need to go to… /xnat/setup. Thus the loop. I’m not sure what changed to make this stop working, but I pushed a fix for the issue up last week. The next release of XNAT should work properly with a non-root context path.

 

-- 

Rick Herrick

Sr. Programmer/Analyst

Neuroinformatics Research Group

Washington University School of Medicine

--
You received this message because you are subscribed to the Google Groups "xnat_discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to xnat_discussi...@googlegroups.com.
To post to this group, send email to xnat_di...@googlegroups.com.
Visit this group at https://groups.google.com/group/xnat_discussion.
For more options, visit https://groups.google.com/d/optout.

 

---

The materials in this message are private and may contain Protected Healthcare Information or other information of a sensitive nature. If you are not the intended recipient, be advised that any unauthorized use, disclosure, copying or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error, please immediately notify the sender via telephone or return mail.

[Albert Crowley]

Has this fix been committed to the public repository yet?  I did a quick scan of the git log and didn't see it.  

We are preparing to run an upgrade and it would make our deployment process a lot smoother if we could get around this redirect problem.

[Herrick, Rick]

Yes, committed 3 March:

 

·         https://bitbucket.org/xnatdev/xnat-web/commits/c01023e48b7d3be27c7c557e4e2be7e5730f42ca

·         https://bitbucket.org/xnatdev/xnat-web/commits/84febbcb6d669389294f4b5a049a9af161db71ca

 

The relevant issues are XNAT-4758 and XNAT-4759. If you run into any other issues related to this, feel free to add a comment on the issue with any details.

-- 

Rick Herrick

Sr. Programmer/Analyst

Neuroinformatics Research Group

Washington University School of Medicine

 

[Raminder Singh]

Hi Rick, 

I did a migration from 1.6 to 1.7.2 and facing the same problem to load the setup page. I looked into tomcat logs and XNAT logs in home/logs and did not find any issue with my setup.Database was also updated as it should be but setup page is not loading. Any suggestions how I can debug this?

SOURCE: /Data/tomcat/apache-tomcat-7.0.75/webapps/ROOT/

Database up to date. 

Thanks

Raminder

On Tuesday, March 7, 2017 at 11:21:20 AM UTC-5, Rick Herrick wrote:

[Raminder Singh]

I tried to change conf/context.xml and still no luck to resolve ERR_TOO_MANY_REDIRECTS. I verified permissions for xnat user and it all look good. Please advice me what else I can try. 

Thanks

Raminder

[Herrick, Rick]

Raminder,

 

The issues that Mark and others had previously were specifically because of the application context, that is, the part of the URL after the server address, e.g. the highlighted part here https://foo.school.edu/xnat. Since you have yours installed as ROOT.war, I think you’re seeing a different issue. You shouldn’t need to modify the conf/context.xml in your Tomcat configuration other than to uncomment the <Manager> element (setting pathname=”” there gets around a serialization error message on start-up).

 

Application mapping in XNAT 1.7 is best handled by the Tomcat deployment logic, i.e. if you put your ROOT.war into the Tomcat webapps folder, you’ll get XNAT running at http://server, otherwise if you put xnat.war or foo.war or whatever into the webapps folder you’ll get http://server/xnat, http://server/foo, etc.

 

Try restoring the server.xml and context.xml files for Tomcat to their default state other than the <Manager> element in context.xml (this may mean *changing* the server.xml back to the default state if you had it modified for an XNAT installation).

 

The other possibility is that you have SSL being handled by a front-end proxy like Apache or nginx, but have the security channel (on the Site Administration page under Site Settings->Security->Security Channel) set to https. The problem in that case is that, since the proxy handles SSL, the request arrives at Tomcat as http. But then XNAT’s security layer sees that, realizes the request is http, and redirects the request back to https. So then the browser gets that back and requests https://server, which goes through the proxy, which sends the request onto Tomcat as http, and XNAT does a redirect to https and so on. There’s no solution to this particular problem on the XNAT side: whatever happens to the request before it arrives at Tomcat is beyond its control, so the option in that case is to leave the security channel set to http or Any.

 

-- 

Rick Herrick

Sr. Programmer/Analyst

Neuroinformatics Research Group

Washington University School of Medicine

 

From: "xnat_di...@googlegroups.com" <xnat_di...@googlegroups.com> on behalf of Raminder Singh <rsan...@gmail.com>
Reply-To: "xnat_di...@googlegroups.com" <xnat_di...@googlegroups.com>
Date: Thursday, March 30, 2017 at 1:14 PM
To: "xnat_di...@googlegroups.com" <xnat_di...@googlegroups.com>
Subject: [XNAT Discussion] Re: XNAT 1.7.2 : redirection issue on first login

 

I tried to change conf/context.xml and still no luck to resolve ERR_TOO_MANY_REDIRECTS. I verified permissions for xnat user and it all look good. Please advice me what else I can try. 

--

You received this message because you are subscribed to the Google Groups "xnat_discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to xnat_discussi...@googlegroups.com.
To post to this group, send email to xnat_di...@googlegroups.com.
Visit this group at https://groups.google.com/group/xnat_discussion.
For more options, visit https://groups.google.com/d/optout.

[Raminder Singh]

Thanks Rick. I figured problem I am facing is related to migration. I started tomcat with new database and it worked well. I am migrating 1.6.3 database to 1.7.2. When I am starting tomcat with XNAT 1.7.2  with database from 1.6.3, it updates the database but somehow it does not update configuration tables right. Can you please point me to the tables I should not migrate? I can configure them again here in new version. Please let me know if you need more information. 

Thanks

Raminder

[legacy....@gmail.com]

Rick,

    I am still having this issue with XNAT installed on Windows Server 2016.  Everything works if it's the ROOT app, but outside of that I get the redirect error.  I worked through some of the suggestions in this and other forums.

OS: Server 2016

Tomcat: 7.0.79

Postgres: 9.6.3

XNAT: 1.7.2

Thanks for the help.

Sean

[Herrick, Rick]

Yes, you’d still have this issue with 1.7.2, which was released on 10 January. The fixes for this were committed in March. I’m in the process of building the release war for 1.7.3 at this very moment. You should be able to grab that later today or tomorrow. Try with that and see how it goes.

 

-- 

Rick Herrick

Sr. Programmer/Analyst

Neuroinformatics Research Group

Washington University School of Medicine

Phone: +1 (314) 273-1645

[legacy....@gmail.com]

Rick,

             Thanks for the help, 1.7.3 works great locally.  Now I'm getting too many redirects when using IIS reverse proxy.  Again putting XNAT as the ROOT webapp works.  Any ideas?  If you need more info let me know.

Thanks,

Sean Green

[legacy....@gmail.com]

I stumbled upon a fix for this one myself.  If I set XNAT as a non root app in tomcat I need to match the IIS reverse proxy to that location.  Example:

Xnat on Tomcat = http://localhost:8080/XNAT

IIS reverse proxy = set up virtual folder named XNAT and put URL Rewrite reverse proxy rule to point to http://localhost:8080/XNAT

Everything works after that

Sean