IE8 admin login issue
Hi there,
I'm unable to log into the admin (backend) pages when using IE8 and using an Ldap authentication provider. using the 'default' authentication provider, I am able to login. Using any other browser, I can log in without issues (both authentication provider methods). Has anybody encountered this before? This is a show stopper for us.... using v5.4
I have configured IIS/folder structure/database to the T. http://www.sitefinity.com/documentation/documentationarticles/installation-and-administration-guide/install-sitefinity/configuring-the-iis-to-host-sitefinity-projects
Thanks!
Hi,
I have tested 5.4 with LDAP authentication in IE 8 it works as expected. Would it be possible to open a support ticket and include more details regarding the setup of your test site. That way we will be able to test a scenario as closely as possible.
Thank you in advance.
Hi,
I think I've narrowed the problem down a bit... I'm now getting the following error:
The message: Missing configuration for the requesting relying party http://<site.domain.com>
I've looked at the following articles in your forums related to this, but nothing has helped. To note, my site is not running over SSL...
www.sitefinity.com/.../5-0-issue-sso-claim-authentication
Is there any added configuration that is required for the SecurityTokenIssuers?? Currently I only have one configured (and it is for the 'default' membership provider -- not my Ldap membership provider)...
www.sitefinity.com/.../supported-membership-providers
In the end, I don't think this was related....
Using Fidler, the actual error generated is an 'HTTP/1.1 302 Found' (Object moved) and looking at the actual headers, it might be because that the actual value in the Transport is too long. It's 3245 characters in length -- this far exceeds the 'standard/support' length that I've been able to find in literature for IE8 --Maximum URL length is 2,083 characters in Internet Explorer
This lends more support as to why I don't encounter this issue with other browsers (they have far larger limits to the length in the URL)...
stackoverflow.com/.../what-is-the-maximum-length-of-a-url-in-different-browsers
Can you please provide perhaps a solution/explanation as to why the URL is so long simply to authenticate? Seems as though all the viewstate or something is attached? Below is what is sent:
Hi,
You need to add the url from the error as a relying party. Go to the Security.config file, copy the existing relying party and just change the realm to url from the error. Save and restart the application.
The length of the request depends on the number of roles a user has, the more roles, the longer and since it encrypts the information it gets longer. Would it be possible to check how many roles that user has, please?
Would it be possible to check the following sections in the web.config:
<security> <requestFiltering> <requestLimits maxQueryString="7200" /> </requestFiltering> </security><httpRuntime maxUrlLength="102400" maxQueryStringLength="102400" maxRequestLength="102400" requestValidationType="Telerik.Sitefinity.Security.Claims.CustomRequestValidator, Telerik.Sitefinity" />Hi Atanas,
Thanks for the suggestion. I have already set those web.config values -- they haven't helped.
In response to how any AD roles my user has (I'm testing user my AD account) -- there are 29 AD group memberships. (I'm assuming this is what you were asking regarding 'roles)... However, I've associated 2 sitefinity 'roles' to this user as well (backendusers, and another custom role that I've created)...
Can you please help elaborate on adding the relying party? What I've done previously was I've copied the 'authenticate' portion of the URL as the 'Realm' and copied over the existing 'http:localhost' relying parties Key (so that they're the same). This hasn't helped though...
I now have two relying parties configured. (both with the same key)
1) http://localhost
2) localhost/.../SWT
Do I need to configure the relying party as something else (here's the actual URL from when I try to log into the admin sectino via ldap.
http://localhost/MySite/Sitefinity/Authenticate/SWT?realm=http%3a%2f%2flocalhost%2fMySite%2f&redirect_uri=%2fMySite%2fsitefinity&deflate=true
I am not trying to achieve SSO (the article I found was related to that, I apologize for the confusion). I am trying to allow for 'multiple' authentication providers (both the 'default' and an LdAP one)...
Thanks for your suggestions
Hi,
The Relying party error which you got for site.domain.com can be resolved by adding that address to the relying parties:
<relyingParties> <add key="F033D3A3799B086BCB17ED59CD440F4B9FFB99830D862396ECDBEEBBE70C6487" encoding="Hexadecimal" realm="http://localhost" /> <add key="F033D3A3799B086BCB17ED59CD440F4B9FFB99830D862396ECDBEEBBE70C6487" encoding="Hexadecimal" realm="http://site.domain.com " /> </relyingParties>Hi Atanas,
I've ensured my relyingParties entry match to what you've suggested. Unfortunatley it didn't resolve the issue. I've tried using an AD account with only 2 memberships, but same issue happened. (and this wouldn't be a viable resolution for us either). Again, this issue is only happening with IE 8. I feel it's still something to do with the length of the request (even though I've upped the settings for the httpRuntim config sections outlined in a previous response.