Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

Using Forms-Based Authentication with ESP Users Experience a Login Loop until the browser Cookies and Cache are Cleared.

 

Information

 

Summary:

In some cases clients can experience a login loop when trying to authenticate using the ESP (Edge Security Pack) Forms-based login page until the client clears the browser cookies and cache.

This article covers the steps required to resolve this issue.

Environment:

Product: LoadMaster

Version: 7.2.55 and older

Platform: Any

Application: Any

Question/Problem Description:

When attempting to access a backend application that is protected using ESP and a Forms-Based Login Method is used clients can experience a login loop until the browser cookies and cache a cleared.

After the cookie and cache are cleared in the browser the client can then login successfully.

What is the root cause of the issue and how can it be resolved?

Steps to Reproduce:

A LoadMaster on firmware version 7.2.55 or lower is requested.

Enable ESP on a Virtual Service.

Configure the ESP for Forms-Based Authentication Client Side.

Login to the Virtual Service.

Close the browser without signing out of the application and let the client session timeout.

Login again. At this stage the client may experience the login loop until the browser cookie and cache are cleared.  

Error Message:

Open the developer tools within the browser (F12 on Keyboard) and go to the Network tab.

With the Developer tools open browse to the login page and preform a sign in request.

Observe the cookies in the request/response after the sign in.

There may be two LMDATA cookies in the client cache. The first is an old cookie and the second is the new cookie.

 

The LoadMaster login form with throw the follow error:

"Login Failed - Please make sure that your Username and Password are correct, and then try again."

LoginFainled.png

Defect Number: PD-18736
Enhancement Number:  
Cause:

This issue was identified as a bug in firmware version 7.2.55 and older.

PD-18736 - Single Sign-On: Fixed an internal issue where the cookie domain is being erroneously changed during response processing, leading to a login loop.
Resolution:

This issue was fixed in firmware version 7.2.56.0:
LoadMaster 7.2.56.0 Release Notes – Kemp Support (kemptechnologies.com)

 

To resolve the issue upgrade the affected LoadMaster to the Latest GA (Generally Available) release of firmware.

Currently this fix is only implemented in the GA versions of firmware.

 

Download the latest GA version of firmware from the below link:

Download LoadMaster Firmware (GA, LTS, LTSF, EA) – Kemp Support (kemptechnologies.com)

 

NOTE: Please read the release notes of each firmware before upgrading to see the full list of know and fixed issues.

The release note can be found under the same link as above.

 

Important: Before upgrading Firmware create a backup of the LoadMaster configuration and SSL certificate:

How to create and restore a LoadMaster Configuration or Certificate Backup – Kemp Support (kemptechnologies.com)

Workaround:  
Notes:

Edge Security Pack:

Edge Security Pack (ESP) – Kemp Support (kemptechnologies.com)

 

How to upgrade the LoadMaster firmware:

How to upgrade the Kemp LoadMaster Firmware – Kemp Support (kemptechnologies.com)


Was this article helpful?
0 out of 0 found this helpful

Comments