1677 views

 

SAML/SSO generates an infinite loop during login when you define glide.security.url.whitelist without adding the IdP URL 

Problem
Under certain conditions, the glide.security.url.whitelist system property is used to block redirections of URL that have not been white-listed and SAML needed a redirection to login.

 

Symptoms
When you log in to your instance, you are redirected to logout_redirect.do over and over again in an infinite loop where users cannot authenticate. You will notice a whitepage and the URL changing only on the SAMLRequest part.

The following conditions must be met:
  • Multi SSO Provider is installed.
  • The glide.security.url.whitelist property is defined.
  • Redirection uses logout_redirect.do
 Note: The latest SAML redirection from Istanbul patch 03 uses auth_redirect.do, which does not require glide.security.url.whitelist to be set.

 

Cause

When you log in to the instance, you are redirected to your SAML provider using logout_redirect.do.

logout_redirect respects the system property glide.security.url.whitelist.

On glide.security.url.whitelist, you add the value of the external URLs to which you want to allow redirection.

The logout_redirect.do might create this loop when you define glide.security.url.whitelist without adding the IdP host name to the property value.


Resolution

  • Set or add to the glide.security.url.whitelist system property the Identity Provider's redirection URLs.
  • If multiple URLs need to be added to the list, separate them with commas.
  • Only the http[s]://hostname[:port]/ part of the URL is required.
  • If the property is not configured, empty, or contains invalid URLs, everything is allowed.

Example:

Type: String
Default value: (empty)
Location: Add to the System Property [sys_properties] table

 Note: Note you only need the beginning of the URL to match.
 

glide.security.url.whitelist

For more information, see the Configure multi-provider SSO documentation topic.

 

Article Information

Last Updated:2018-01-26 05:43:06
Published:2018-01-02