We have just upgraded forms from version 11.0.2307.40547 to version 11.0.2311.50553.
Post upgrade we are no longer able to log into Forms as it gets stuck in an infinite redirection loop.
Details:
We currently run 2 Laserfiche Forms instances inside the same network with different subdomains.
The primary server we will call LFMain.domain.com and the second LFSecond.domain.com.
The LFMain server has Forms and Directory server on it. Forms on this server was upgraded to 11.0.2311.50553 from 10.4 without issues.
The LFSecond server just has forms installed and authenticates to LFMain's LFDS.
The LFSecond Forms instance worked perfectly fine prior to the update, and now when you attempt to log in you get redirected to LFDS to sign in. Once you sign in, it redirects you to Forms, which redirects you to LFDS, which redirects you to Forms; rinse, repeat.
Examining the developer tools in the browser I can see that one of the calls that should be setting cookies in the browser just isn't. There are no event viewer logs that show any issues or any other logs I've been able to locate.
Comparing the calls between the 2 different Forms portals I can see the request is supposed to set LMAuth, LFFORMSAUTH, and ASPXAUTH but the Set-Cookie header is entirely missing from the LFSecond server. This makes me lean towards something to do with certificate mismatch/validation failures causing the authentication to silently fail but I'm just not sure.
Question
Laserfiche Forms Infinite Redirect Loop
Answer
I’ve resolved my own issue and wanted to share the solution in case it helps anyone else.
The root cause was related to certificate trust. LFDS on LFMain was configured with a self-signed certificate in the XML Endpoint utility, which it used to sign authentication tokens sent to Forms.
However, LFSecond, where Forms was running, did not trust this self-signed certificate. As a quick fix, I added LFMain's self-signed certificate to the trusted certificate store on LFSecond. This allowed the token to be successfully validated, and Forms was then able to create the correct authentication cookies.
This issue didn’t occur on LFMain because LFDS and Forms were on the same server, and the certificate was inherently trusted.
Not sure which change in update 5 made this a set rule but there we go.
TL;DR: The certificate bound to LFDS must be trusted by the server running Forms in order for token validation and authentication to work correctly.
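
A way to check the trust condition described in the answer before and after changing the certificate store. This is an added example, not part of the original post or of Laserfiche's tooling. It assumes the LFDS signing certificate has been exported from LFMain as a `.cer` file to a hypothetical path, and that the relevant store on the Forms server is `LocalMachine\Root`.

```powershell
# Run on the server hosting Forms (LFSecond in the post).
# Assumption: the LFDS signing certificate was exported from LFMain to this
# hypothetical path; change it to wherever the exported .cer file lives.
param(
    [string]$CertPath = 'C:\Temp\lfds-signing.cer'
)

$x509 = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$x509.X509Certificate2" -ArgumentList $CertPath

# A self-signed certificate names itself as its own issuer.
$selfSigned = $cert.Subject -eq $cert.Issuer

# Is this exact certificate already present in the machine's Trusted Root store?
$inRoot = [bool](Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint })

# Build the chain in machine context, the context a service on this host would use.
# Revocation is skipped because a self-signed certificate publishes no CRL.
$chain = New-Object "$x509.X509Chain" -ArgumentList $true
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$trusted = $chain.Build($cert)

# Summarise what this host thinks of the certificate.
[pscustomobject]@{
    Subject            = $cert.Subject
    Thumbprint         = $cert.Thumbprint
    NotAfter           = $cert.NotAfter
    SelfSigned         = $selfSigned
    InLocalMachineRoot = $inRoot
    ChainTrusted       = $trusted
    ChainStatus        = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
} | Format-List

if (-not $trusted) {
    Write-Warning 'This host does not trust the certificate; tokens signed with it will fail validation.'
    # The quick fix from the answer, to be run from an elevated session:
    #   Import-Certificate -FilePath $CertPath -CertStoreLocation Cert:\LocalMachine\Root
}
```

A `ChainStatus` of `UntrustedRoot` with `SelfSigned` true and `InLocalMachineRoot` false matches the situation the answer describes.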