Authentication issues with 7.2 upgrade

Posted by Community Admin on 04-Aug-2018 16:32

All Replies

Posted by Community Admin on 09-Jan-2015 00:00

We have an Enterprise Multisite install in a load-balanced environment that we have recently upgraded to version 7.2 from 5.4. We have since then run into many issues with authentication, and we were hoping someone else might have overcome similar issues or otherwise be able to help us with this.

Since we are seeing similar issues in our non-load balanced development environments, I'm not sure that the load balancer has anything to do with the problem, but I mention it because it is an additional variable.

First off, we believe that we have the security settings correct, set according to the instructions at docs.sitefinity.com/administration-configure-security. However, since the instructions are somewhat ambiguous, we are not 100% certain.

We are using claims-based authentication with two membership providers, the Default Sitefinity provider and an LDAP provider pulling from Active Directory.

On both servers we have the following settings:

Settings > Advanced > Security > SecurityTokenIssuers

http://localhost
https://localhost
oursite.com/.../SWT
oursite.com/.../SWT

Settings > Advanced > Security > RelyingParties

http://localhost
https://localhost
http://10.1.2.108
http://10.1.2.109
http://oursite.com
https://oursite.com

with the IPs being the IP addresses of the servers in the load balancer. These are all set up to use the Default membership provider.

The behavior we are seeing is twofold:

1) When a user logs in to the site, the SF-TokenId and FedAuth cookies are being added to the browser, but the browser is not always redirecting anywhere (i.e., it is staying on the login page), although the redirect_uri querystring is populated with a location. If a user manually enters that redirect_uri into the browser's address bar, they can visit that page as an authenticated user without an issue.

2) When a user tries to log out via oursite.com/.../SignOut, the authentication cookies are not always deleted, and the user remains effectively logged into the site.

In both of the above cases, the normal login methods occasionally do seem to work correctly (i.e., on login the user is redirected correctly, and on logout the authentication cookies are deleted), but I have been unable to determine a condition that might cause this. The most reliable way to get things to work correctly is to start with a "clean slate", that is, a browser in which the history has been completely cleared (cache, cookies, authorization, etc.).

Any suggestions would be useful.

Posted by Community Admin on 13-Jan-2015 00:00

Hello Joseph,

I have already answered you in the support ticket.

Once there is a resolution you can share it with the community.

Regards,
Svetoslav Manchev
Telerik

 
 

This thread is closed