We're running some Web Agents in our environment and when users try to
access applications, they login successfully, but right after, the
browser send them back to the login page.
To illustrate :
User goes to the protected page :
https://myapp.mydomain.com/
and then user is asked to provide credential on the login page on a
second Web Agent :
http://mylogin.mydomain.com/
User gives correct credentials, but some seconds after coming back to
the application
https://myapp.mydomain.com/
the browser is redirected again to
http://mylogin.mydomain.com/
How can we fix this ?
First request occurs at 16:09:10 on the protected page :
GET https://myapp.mydomain.com/ HTTP/1.1
HTTP/1.1 302 Found
Date: Thu, 07 Nov 2019 16:09:10 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips
The browser gets redirected for login page which request shows that
the login server is around 7 minutes in the past :
GET https://mylogin.mydomain.com/login.fcc?TYPE=33619969&REALMOID=06-wss5c58d-5hh4-4985-8a88-328682456437&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$F7h%2flZ9eqwaerdasdswkX4cKhulXfh%2bRzssadada0CLxmdsadsMVL7Vjvrtil7h&TARGET=$SM$https%3A%2F%2Fmyapp.mydomain.com%2F HTTP/1.1
HTTP/1.1 200 HTTP/1.1 200 OK
Server: Microsoft-IIS/8.0
Date: Thu, 07 Nov 2019 16:02:34 GMT
After successfull login, the browser goes back to the protected
application and the server shows a time which is around 3 hours in the
past :
GET https://myapp.mydomain.com/index.html HTTP/1.1
HTTP/1.1 302 Found
Date: Thu, 07 Nov 2019 13:02:25 GMT
Server: Apache
And the next click on the same application, the server shows the
server time being 3 hours in the future.
GET https://myapp.mydomain.com/myapp/index.html HTTP/1.1
HTTP/1.1 302 Found
Date: Thu, 07 Nov 2019 16:02:34 GMT
Server: Apache
As the server time varies, then the idle and session timeout trigger
and the browser is sent back to the login page :
GET https://mylogin.mydomain.com/login.fcc?TYPE=33619969&REALMOID=06-wss5c58d-5hh4-4985-8a88-328682456437&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$F7h%2flZ9eqwaerdasdswkX4cKhulXfh%2bRzssadada0CLxmdsadsMVL7Vjvrtil7h&TARGET=$SM$https%3A%2F%2Fmyapp.mydomain.com%2F HTTP/1.1
HTTP/1.1 200 HTTP/1.1 200 OK
Server: Microsoft-IIS/8.0
Date: Thu, 07 Nov 2019 16:02:34 GMT
Web Agent 12.52SP01CR01 on Apache 2.4 on Linux;
Make all the Web Server machine's clocks in sync to solve the issue.