+1-888-365-2779
Try Now
More in this section

Forums / Bugs & Issues / IE8 admin login issue

IE8 admin login issue

8 posts, 0 answered
  1. Rico
    Rico avatar
    88 posts
    Registered:
    30 Aug 2012
    27 Mar 2013
    Link to this post
    Hi there,

    I'm unable to log into the admin (backend) pages when using IE8 and using an Ldap authentication provider. using the 'default' authentication provider, I am able to login. Using any other browser, I can log in without issues (both authentication provider methods). Has anybody encountered this before? This is a show stopper for us.... using v5.4

    I have configured IIS/folder structure/database to the T. http://www.sitefinity.com/documentation/documentationarticles/installation-and-administration-guide/install-sitefinity/configuring-the-iis-to-host-sitefinity-projects 

    Thanks!
  2. Atanas Valchev
    Atanas Valchev avatar
    414 posts
    Registered:
    04 Jan 2016
    29 Mar 2013
    Link to this post
    Hi,

    I have tested 5.4 with LDAP authentication in IE 8 it works as expected. Would it be possible to open a support ticket and include more details regarding the setup of your test site. That way we will be able to test a scenario as closely as possible. 

    Thank you in advance.

    Kind regards,
    Atanas Valchev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Rico
    Rico avatar
    88 posts
    Registered:
    30 Aug 2012
    03 Apr 2013 in reply to Atanas Valchev
    Link to this post
    Hi,

    I think I've narrowed the problem down a bit... I'm now getting the following error:

    The message: Missing configuration for the requesting relying party http://<site.domain.com>

    I've looked at the following articles in your forums related to this, but nothing has helped. To note, my site is not running over SSL...
    http://www.sitefinity.com/developer-network/forums/bugs-issues-/5-0-issue-sso-claim-authentication

    Is there any added configuration that is required for the SecurityTokenIssuers?? Currently I only have one configured (and it is for the 'default' membership provider -- not my Ldap membership provider)...

    http://www.sitefinity.com/developer-network/forums/lightning-/supported-membership-providers
  4. Rico
    Rico avatar
    88 posts
    Registered:
    30 Aug 2012
    05 Apr 2013 in reply to Rico
    Link to this post
    In the end, I don't think this was related....

    Using Fidler, the actual error generated is an 'HTTP/1.1 302 Found' (Object moved) and looking at the actual headers, it might be because that the actual value in the Transport is too long. It's 3245 characters in length -- this far exceeds the 'standard/support' length that I've been able to find in literature for IE8 --Maximum URL length is 2,083 characters in Internet Explorer

    This lends more support as to why I don't encounter this issue with other browsers (they have far larger limits to the length in the URL)...

    http://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers

    Can you please provide perhaps a solution/explanation as to why the URL is so long simply to authenticate? Seems as though all the viewstate or something is attached? Below is what is sent:

  5. Atanas Valchev
    Atanas Valchev avatar
    414 posts
    Registered:
    04 Jan 2016
    08 Apr 2013
    Link to this post
    Hi,

    You need to add the url from the error as a relying party. Go to the Security.config file, copy the existing relying party and just change the realm to url from the error. Save and restart the application.

    The length of the request depends on the number of roles a user has, the more roles, the longer and since it encrypts the information it gets longer. Would it be possible to check how many roles that user has, please?

     Would it be possible to check the following sections in the web.config:

    <security>
          <requestFiltering>
            <requestLimits maxQueryString="7200" />
          </requestFiltering>
        </security>
    and
    <httpRuntime
        maxUrlLength="102400"
        maxQueryStringLength="102400"
        maxRequestLength="102400"
        requestValidationType="Telerik.Sitefinity.Security.Claims.CustomRequestValidator, Telerik.Sitefinity" />

    And compare the values. Also, are you using Single Sign On or just LDAP?

    Regards,
    Atanas Valchev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  6. Rico
    Rico avatar
    88 posts
    Registered:
    30 Aug 2012
    08 Apr 2013 in reply to Atanas Valchev
    Link to this post
    Hi Atanas,

    Thanks for the suggestion. I have already set those web.config values  -- they haven't helped.

    In response to how any AD roles my user has (I'm testing user my AD account) -- there are 29 AD group memberships. (I'm assuming this is what you were asking regarding 'roles)... However, I've associated 2 sitefinity 'roles' to this user as well (backendusers, and another custom role that I've created)...

    Can you please help elaborate on adding the relying party? What I've done previously was I've copied the 'authenticate' portion of the URL as the 'Realm' and copied over the existing 'http:localhost' relying parties Key (so that they're the same). This hasn't helped though...

    I now have two relying parties configured. (both with the same key)
    1) http://localhost
    2) http://localhost/MySite/Sitefinity/Authenticate/SWT

    Do I need to configure the relying party as something else (here's the actual URL from when I try to log into the admin sectino via ldap.

    http://localhost/MySite/Sitefinity/Authenticate/SWT?realm=http%3a%2f%2flocalhost%2fMySite%2f&redirect_uri=%2fMySite%2fsitefinity&deflate=true

    I am not trying to achieve SSO (the article I found was related to that, I apologize for the confusion). I am trying to allow for 'multiple' authentication providers (both the 'default' and an LdAP one)...

    Thanks for your suggestions

  7. Atanas Valchev
    Atanas Valchev avatar
    414 posts
    Registered:
    04 Jan 2016
    11 Apr 2013
    Link to this post
    Hi,

    The Relying party error which you got for site.domain.com can be resolved by adding that address to the relying parties:

    <relyingParties>
            <add key="F033D3A3799B086BCB17ED59CD440F4B9FFB99830D862396ECDBEEBBE70C6487" encoding="Hexadecimal" realm="http://localhost" />
            <add key="F033D3A3799B086BCB17ED59CD440F4B9FFB99830D862396ECDBEEBBE70C6487" encoding="Hexadecimal" realm="http://site.domain.com " />
        </relyingParties>

    I suspect that the AD group memberships could be a problem. Is there a way you can test this with an LDAP user who has only 1 or 2 membership. This will help us determine if the problem is stemming from the memberships or somewhere else. 

    Kind regards,
    Atanas Valchev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  8. Rico
    Rico avatar
    88 posts
    Registered:
    30 Aug 2012
    16 Apr 2013 in reply to Atanas Valchev
    Link to this post
    Hi Atanas,

    I've ensured my relyingParties entry match to what you've suggested. Unfortunatley it didn't resolve the issue. I've tried using an AD account with only 2 memberships, but same issue happened. (and this wouldn't be a viable resolution for us either). Again, this issue is only happening with IE 8. I feel it's still something to do with the length of the request (even though I've upped the settings for the httpRuntim config sections outlined in a previous response.
8 posts, 0 answered