Endless Loop between two realms when AdaptiveAuth is set to redirect to a realm with a Begin site

    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • SecureAuth IdP Version affected: All
    When trying to log into a realm that has Adaptive Auth configured with a Group Based redirect, as per this article Users find themselves in an Endless loop. 

    The Secondary realm has a begin site set to the 1st realm but the User does not have a valid token from the first realm. 


    Either remove the begin site or perform the following steps

    1. Open the Web Admin Console

    2. Navigate to the 1st Realm Post Auth tab and click "View and Configure FormsAuth keys/SSO token"

    3. Make sure the Validation and Decryption key are not set to AutoGenerate. If it is, click Generate New Keys

    4. Copy these Keys to the 2nd realm

    5. Make sure the PreAuth Cookie name on the 2nd realm matches the Pre Auth Cookie name of the first realm and it will now let you in, assuming you're using the redirect method in the article referenced above. 

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    0 out of 0 found this helpful



    Please sign in to leave a comment.