
OpenID Connect Provider authentication loop

Question asked by yoshio.katayama Employee on Mar 20, 2018
Latest reply on Mar 30, 2018 by sgangaraboina

I'm trying to do the (almost) same thing as CA SSO OpenID Connect Provider - with Apache OpenID Client 

 

Differences are:

 - all running on Linux

 - not prepared dumpvars.bat equivalent yet

 - using html form auth scheme

 

When I accessed the example page on Apache httpd with mod_auth_openidc, the authentication screen appeared as expected (as a result of accessing /affwebservices/secure/secureredirect on AG).

But even when I entered the right username/password, the authentication screen appeared again.

Here's the snippet of the sequence.

 

/affwebservices/CASSO/oidc/authorize
/affwebservices/secure/secureredirect
/siteminderagent/forms/login.fcc
/affwebservices/secure/secureredirect
/affwebservices/CASSO/oidc/authorize
/affwebservices/secure/secureredirect
/siteminderagent/forms/login.fcc

 

This means that looping happened at the OP side.

 

What might cause authentication looping?

 

Other things I should mention are:

 - SSL enabled with self-signed certificate at httpd

 - session store enabled

 - only /affwebservices/secure/secureredirect was protected by domain

 

Any comments are appreciated.

 

Thanks,

Yoshio
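
The loop described in the question can be confirmed mechanically from an access log. The following is an added example, not part of the original post: it finds the shortest repeating cycle in a request sequence and checks whether every request in the cycle stays on OP-side endpoints. The function names and the `OP_PREFIXES` list are assumptions for illustration; the paths are the ones quoted in the post.

```python
# Added example: find the repeating cycle in a sequence of request paths.

# Request paths copied from the post, in the order they were observed.
OBSERVED = [
    "/affwebservices/CASSO/oidc/authorize",
    "/affwebservices/secure/secureredirect",
    "/siteminderagent/forms/login.fcc",
    "/affwebservices/secure/secureredirect",
    "/affwebservices/CASSO/oidc/authorize",
    "/affwebservices/secure/secureredirect",
    "/siteminderagent/forms/login.fcc",
]

# Assumption: these prefixes mark OP-side endpoints (the only ones in the post).
OP_PREFIXES = ("/affwebservices/", "/siteminderagent/")


def find_cycle(paths, min_matches=2):
    """Return (start, period) of the shortest cycle the sequence ends in, else None.

    A cycle of length `period` means paths[i] == paths[i + period] for every
    i from `start` to the end; min_matches guards against a chance repeat.
    """
    n = len(paths)
    for period in range(1, n):
        start = n - period
        # Extend the matching run backwards from the end of the sequence.
        while start > 0 and paths[start - 1] == paths[start - 1 + period]:
            start -= 1
        if (n - period) - start >= min_matches:
            return start, period
    return None


def describe_loop(requests):
    """Strip query strings, find the cycle, and say whether it stays on the OP."""
    paths = [r.split("?", 1)[0] for r in requests]
    found = find_cycle(paths)
    if found is None:
        return None
    start, period = found
    cycle = paths[start:start + period]
    return {
        "cycle": cycle,
        "op_side_only": all(p.startswith(OP_PREFIXES) for p in cycle),
    }


if __name__ == "__main__":
    print(describe_loop(OBSERVED))
```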
