kdizdar
Novice
Posts: 3
Liked: never
Joined: Apr 18, 2023 1:48 pm

Authentication of external users imported from LDAP directory causing infinite loop

Post by kdizdar »

Support case reference: #05962511

Greetings,

We're experiencing issues when authenticating external users imported from an LDAP directory. The issue is that if an external user does not exist in the user database on the self-service portal, login attempts go into an infinite loop.
I have to note that this behaviour is not happening on the Administration console on the same VEM page (the /backup sub-URL is for clients, the parent URL is the administration console): on the parent URL, you get an "Access Denied" message as it should be, while clients get stuck in a loop, causing fail2ban from the LDAP connector service (if security requirements have been met).

[23.03.2023 15:06:04] <85> Info Initiating login to https://authproxy.xx.xx/saml2/idp/login
[23.03.2023 15:06:04] <54> Info Successfully processed SAML response Microsoft.IdentityModel.Tokens.Saml2.Saml2Id and authenticated xxxx@xx.xx
[23.03.2023 15:06:04] <54> Info [SAML] Got identity :
[23.03.2023 15:06:04] <54> Info [SAML] Got NameId claim: http://schemas.xmlsoap.org/ws/2005/05/i ... identifier: xxxx@xx.xx
[23.03.2023 15:06:04] <54> Info [SAML] Group claims: xxxx@xx.xx
[23.03.2023 15:06:04] <54> Info Connecting to [localhost:9394] under [current account]. Selfrestore mode: 'off'. Session Uid: 8590f4de-5750-425e-815b-f2944650b9e3
[23.03.2023 15:06:04] <54> Error Failed to create user context from authentication data. Data: [Username: xxxx@xx.xx, SessionId: 8590f4de-5750-425e-815b-f2944650b9e3, SelfRestore: False, AuthType: SamlToken, Credentials: ], IsLogon: [True]
[23.03.2023 15:06:04] <54> Error User 'xxxx@xx.xx' does not have any roles assigned (System.UnauthorizedAccessException)

This error is legit, but the error does not return any message to the client, and that is the core of the problem.
Posting this because of tracking feature request.

best regards
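
The log excerpt in the post above shows a pattern worth alerting on: a SAML login that succeeds at the IdP and is then rejected for missing roles, repeating for the same user. As an added example (not part of the original post and not the vendor's code), this sketch flags that loop in logs of the same layout; the threshold, time window, same-thread correlation and sample addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Layout as in the excerpt above: [dd.MM.yyyy HH:mm:ss] <thread> Level message
LINE = re.compile(r"^\[(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})\] <(\d+)> (\w+)\s+(.*)$")
AUTH_OK = re.compile(r"Successfully processed SAML response .* and authenticated (\S+)$")
NO_ROLES = re.compile(r"User '([^']+)' does not have any roles assigned")

def find_login_loops(lines, threshold=3, window=timedelta(seconds=60)):
    """Map user -> peak number of 'IdP login OK, then no roles' rejections seen
    inside `window`, for users reaching `threshold` (both values are assumptions)."""
    authed = {}                   # thread id -> user the IdP just authenticated
    rejects = defaultdict(list)   # user -> timestamps of role rejections
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue              # ignore lines that do not follow the layout
        ts = datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S")
        thread, msg = m.group(2), m.group(4)
        if ok := AUTH_OK.search(msg):
            authed[thread] = ok.group(1)
        elif (bad := NO_ROLES.search(msg)) and authed.pop(thread, None) == bad.group(1):
            rejects[bad.group(1)].append(ts)
    loops = {}
    for user, stamps in rejects.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):   # sliding window over sorted timestamps
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            loops[user] = peak
    return loops

def sample_log():
    """Constructed sample: one user looping every 2 s, one rejected only once."""
    ok = "Info Successfully processed SAML response Microsoft.IdentityModel.Tokens.Saml2.Saml2Id and authenticated {}"
    bad = "Error User '{}' does not have any roles assigned (System.UnauthorizedAccessException)"
    lines = []
    for i in range(4):
        ts = (datetime(2023, 3, 23, 15, 6, 4) + timedelta(seconds=2 * i)).strftime("%d.%m.%Y %H:%M:%S")
        lines += [f"[{ts}] <54> {ok.format('loop@example.test')}",
                  f"[{ts}] <54> {bad.format('loop@example.test')}"]
    lines += ["[23.03.2023 15:07:00] <61> " + ok.format("once@example.test"),
              "[23.03.2023 15:07:00] <61> " + bad.format("once@example.test")]
    return lines

if __name__ == "__main__":
    print(find_login_loops(sample_log()))
```

A user who is denied once is not reported; only repeated rejections inside the window are, which separates the redirect loop from an ordinary access denial.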
HannesK
Product Manager
Posts: 14314
Liked: 2887 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria

Re: Authentication of external users imported from LDAP directory causing infinite loop

Post by HannesK »

Hello,
and welcome to the forums.
"Posting this because of tracking feature request."
It looks more like a bug. The way to get rid of this is asking support for a bug number to make sure it gets fixed (as far as I see, the case was escalated some days ago already, so support should finish the job). :-)

Best regards,
Hannes

Re: Authentication of external users imported from LDAP directory causing infinite loop

Post by kdizdar »

Thanks for a warm welcome message :)
I got redirected here, so that's why I'm posting and following this...

Re: Authentication of external users imported from LDAP directory causing infinite loop

Post by HannesK »

Okay, I'm talking to support now to get it escalated to R&D :-)

Re: Authentication of external users imported from LDAP directory causing infinite loop

Post by HannesK »

Ah sorry, I just saw that you are on V11. So I can only repeat the suggestion from support to update to the latest V12 version. If it still persists, then we can look at fixing it.

Re: Authentication of external users imported from LDAP directory causing infinite loop

Post by kdizdar »

Hello Hannes,

#06040273 - issue still persists unfortunately :/
We have upgraded to v12...
Could you please take a look at it?

thanks

Re: Authentication of external users imported from LDAP directory causing infinite loop

Post by HannesK »

Hello,
that's sad to hear. Yes, I will talk to support. But they need logs. As far as I see, there are no logs in the case.

Best regards,
Hannes