Request Looping Between Authentication URL and Federation URL

Document ID : KB000075133
Last Modified Date : 06/04/2018
Show Technical Document Details
Issue:
When I try to initiate an OpenID Connect session, I receive a Browser error that says too many redirects. The logs show the following:

[03/29/2018][20:57:49][6762][140511575152384][120cd330-a359313a-b0216797-dbd47d46-4a765a0a-f861][AuthorizationService.java]
[processAuthentication][OpenIDConnect Authorization Service Service redirecting to authentication URL: https://smfed-
dev.testqa.company.com/affwebservices/secure/secureredirect?SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&
SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&
SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&
SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&
SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&
response_type=code&client_id=0001a8a8-397c-1a97-b5b2-9ae8ac149e7f&redirect_uri=https%3A%2F%2Ffusion-abc--ComSSO.cs50.company2.com%2Fservices%2Fauthcallback%2FFusionFull&scope=
openid&state=CAAAAWJ04zAXME8wM0IwMDAwMDAwMDA2AAAA1CqbCF8y0QgPQlhjWhMisWidNmbkNYlDrGuLMDPBwlb9Uli-
lqWhf_TQHH2kDrQCN3MJaZA5wAw6SoeKfxdLuxiOo5H1bbAfqOQtmpHwsbFxyHQkcULx__VnTI_qqxKEhbhuLh2wxD3y23q8OCdCopqJi
_nQgBnhx6w5Z1_WlarEp7y_m6pKHgczpiLa01gde7QY2ruH_Iwx-639nATeA3EW_1454vYcU1L-yR3caHNAMpPSfYN3n-H6M_ZMxepW52gDh8uu
47474-3xj_NN3BI%3D&SMPORTALURL=DmGyoM0I1YMdUMDY6RyzXFOzpYmAvIjSmH2gXtiNMinTzwEHtjzSVbB%2FnVP4kusvhRzVuDqbzQ
%2F4SOI3C26QzOtBhhJKtjn4F6fDogDugFpu3bqi74xh7z1LUbZKimYX]
Cause:
The federation Authentication URL was not protected, causing a loop between Federated Web Services (FWS) and the Authentication URL.  This will occur for any federation profile that leverages an Authentication URL.  This looping will also occur if the session that a user receives upon requesting the Authentication URL is not valid for the FWS URL, such as would occur if the Authentication URL and FWS URL are in different cookie domains and no cookie provider is configured.
Resolution:
Make sure the Authentication URL is a protected resource.  Make sure the sessions generated from requesting the Authentication URL are valid for the FWS URL.