Root GLPI web application page always asks to log in

s.zaprudsky · 2013-10-14 16:32:54

Suppose your GLPI is hosted with URL https://<host.domain.com>. Every time you open that URL https://<host.domain.com>, GLPI asks your to log in, while at the same time you can easily browse https://<host.domain.com>/front/central.php (if you have been logged in before).
So root page https://<host.domain.com> is configured to always ask you for credentials regardless of your current login status.

GLPI  0.84
Operating system: Linux <hidden> 2.6.32-358.18.1.el6.x86_64 #1 SMP Wed Aug 28 17:19:38 UTC 2013 x86_64
PHP 5.3.3 (Core, PDO, Phar, Reflection, SPL, SimpleXML, apache2handler, bz2, calendar, ctype, curl, date, dom, ereg, exif,
    fileinfo, filter, ftp, gd, gettext, gmp, hash, iconv, imap, json, ldap, libxml, mbstring, mysql, mysqli, openssl, pcre,
    pdo_mysql, pdo_sqlite, session, shmop, sockets, sqlite3, standard, tokenizer, wddx, xml, xmlreader, xmlwriter, xsl, zip, zlib)
Setup: max_execution_time="600" memory_limit="128M" post_max_size="8M" safe_mode="" session.save_handler="files"
    upload_max_filesize="2M" 
Software: Apache/2.2.15 (CentOS) (Apache/2.2.15 (CentOS) Server at <hidden> Port 443)
    Mozilla/5.0 (Windows NT 6.2; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0
DBMS:    Server Software: Source distribution
    Server Version: 5.1.69
    Parameters: <hidden>@localhost/<hidden>
    Host info: Localhost via UNIX socket

JMD · 2013-10-14 19:44:42

Very curious.

How did you install GLPI ? tar.gz or a package centos ?

How did you configure your vhost ?

Do you have some apache log , error log ?

Do you have some glpi log ?

Etc... etc.. http://www.glpi-project.org/forum/viewt … p?id=33810

I think it is a virtual host problem

s.zaprudsky · 2013-10-15 12:02:05

This is a default installation of CentOS and all corresponding packages.

We have installed GLPI from tar.gz file.

Virtual host configuration:

[root@GLPI-SRV ~]# cat /etc/httpd/conf.d/GLPI-SRV-443.conf
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

<VirtualHost _default_:443>
        DocumentRoot /var/www/html/glpi
        ErrorLog logs/ssl_error_log
        TransferLog logs/ssl_access_log
        LogLevel warn
        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
        SSLCertificateFile /etc/pki/tls/certs/GLPI-SRV.crt
        SSLCertificateKeyFile /etc/pki/tls/private/GLPI-SRV.key
        SSLCACertificateFile /etc/pki/tls/certs/GLPI-SRV-root-ca.crt
        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
                SSLOptions +StdEnvVars
        </Files>
        <Directory "/var/www/cgi-bin">
                SSLOptions +StdEnvVars
        </Directory>
        SetEnvIf User-Agent ".*MSIE.*" \
                         nokeepalive ssl-unclean-shutdown \
                         downgrade-1.0 force-response-1.0
        CustomLog logs/ssl_request_log \
                          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

The following logs were recorded in situation when I have been browsing GLPI in one tab of Firefox, and then tried to open https://<host.domain.com> page on a new tab:

[root@GLPI-SRV ~]# tail /var/log/httpd/ssl_access_log
192.168.0.210 - - [15/Oct/2013:12:23:55 +0300] "GET / HTTP/1.1" 200 1902
192.168.0.210 - - [15/Oct/2013:12:23:55 +0300] "GET /front/cron.php HTTP/1.1" 200 63

[root@GLPI-SRV ~]# tail /var/log/httpd/ssl_request_log
[15/Oct/2013:12:23:55 +0300] 192.168.0.210 TLSv1 DHE-RSA-CAMELLIA256-SHA "GET / HTTP/1.1" 1902
[15/Oct/2013:12:23:55 +0300] 192.168.0.210 TLSv1 DHE-RSA-CAMELLIA256-SHA "GET /front/cron.php HTTP/1.1" 63

[root@GLPI-SRV ~]# tail /var/log/httpd/ssl_error_log

[root@GLPI-SRV ~]# tail /var/log/httpd/error_log

[root@GLPI-SRV ~]# tail /var/www/html/glpi/files/_log/php-errors.log

[root@GLPI-SRV ~]# tail /var/www/html/glpi/files/_log/sql-errors.log

The problem is reproducible in other browsers too.

MoYo · 2013-10-16 08:44:20

Maybe add ServerName directive to your virtualhost ?

s.zaprudsky · 2013-10-16 12:51:55

No effect. I even tried moving to http only with the following vhost config file:

Listen *:80
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName host.domain.com
    DocumentRoot /var/www/html/glpi
</VirtualHost>

Logs recorded:

[root@GLPI-SRV ~]# tail /var/log/httpd/error_log
[Wed Oct 16 13:44:06 2013] [notice] caught SIGTERM, shutting down
[Wed Oct 16 13:44:06 2013] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Wed Oct 16 13:44:06 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Oct 16 13:44:06 2013] [notice] Digest: generating secret for digest authentication ...
[Wed Oct 16 13:44:06 2013] [notice] Digest: done
[Wed Oct 16 13:44:06 2013] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations

[root@GLPI-SRV ~]# tail /var/log/httpd/access_log
192.168.0.210 - - [16/Oct/2013:13:44:17 +0300] "GET / HTTP/1.1" 200 1902 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; MS-RTC LM 8)"
192.168.0.210 - - [16/Oct/2013:13:44:18 +0300] "GET /front/cron.php HTTP/1.1" 200 63 "http://<host.domain.com>/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; MS-RTC LM 8)"
192.168.0.210 - - [16/Oct/2013:13:44:18 +0300] "GET /pics/favicon.ico HTTP/1.1" 200 1382 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; MS-RTC LM 8)"
192.168.0.210 - - [16/Oct/2013:13:44:27 +0300] "POST /login.php HTTP/1.1" 200 281 "http://<host.domain.com>/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; MS-RTC LM 8)"
192.168.0.210 - - [16/Oct/2013:13:44:27 +0300] "GET /front/central.php HTTP/1.1" 200 19933 "http://<host.domain.com>/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; MS-RTC LM 8)"
192.168.0.210 - - [16/Oct/2013:13:44:28 +0300] "GET /ajax/updatecurrenttab.php?itemtype=Central&glpi_tab=Central%241&_dc=1381920253617 HTTP/1.1" 200 - "http://<host.domain.com>/front/central.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; MS-RTC LM 8)"
192.168.0.210 - - [16/Oct/2013:13:44:28 +0300] "GET /pics/favicon.ico HTTP/1.1" 200 1382 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; MS-RTC LM 8)"
192.168.0.210 - - [16/Oct/2013:13:44:28 +0300] "POST /ajax/common.tabs.php?_dc=1381920253647 HTTP/1.1" 200 33172 "http://<host.domain.com>/front/central.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; MS-RTC LM 8)"
192.168.0.210 - - [16/Oct/2013:13:44:33 +0300] "GET / HTTP/1.1" 200 1902 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; MS-RTC LM 8)"
192.168.0.210 - - [16/Oct/2013:13:44:33 +0300] "GET /front/cron.php HTTP/1.1" 200 63 "http://<host.domain.com>/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; MS-RTC LM 8)"
192.168.0.210 - - [16/Oct/2013:13:44:33 +0300] "GET /pics/favicon.ico HTTP/1.1" 200 1382 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; MS-RTC LM 8)"

[root@GLPI-SRV ~]# tail /var/www/html/glpi/files/_log/php-errors.log

[root@GLPI-SRV ~]# tail /var/www/html/glpi/files/_log/sql-errors.log

s.zaprudsky · 2013-10-30 09:32:16

Could anybody confirm the bug?

This problem is really annoying. Is there anything else I should check? Any recommendations on troubleshooting/debugging?

Thanks in advance!

s.zaprudsky · 2013-10-30 09:38:20

Not sure if this affects anything except links in e-mail notifications, but I tried configuring URL of the application (GLPI Setup -> General -> General setup) as https://<host.domain.com> and https://<host.domain.com>/ - but nothing changed.

Also, if this matters, we use LDAP for authentication. But the problem is reproducible with local GLPI authenticated users too.

Last edited by s.zaprudsky (2013-10-30 09:49:03)

JMD · 2013-10-30 14:59:54

I don't think this is bug. We can't reproduce this.

GLPI works perfectly on different distribution.

Perhaps Remi could help you. He is sometimes on IRC.

raiched · 2017-09-27 21:59:03

I'm having the same issue right now as well, new 9.1 installation that was working perfectly for the last few months. Password User access only, I was on it the other day then today the 'log in again' loop no matter what user I choose. Is there a file that specifys the DNS IP CNAME record to return for authentication. Checked the profiles and they are still active, not sure why we are seeing this loop.

yllen · 2017-09-28 18:56:12

Have you some error in apache logs?

raiched · 2017-09-28 22:27:02

Success, 2 things where wrong with my installation, the host file local.host entry was deleted, so recreated and made sure to add the local.host back into the host file and second, the password hash entries were gone from the database. I re-populated the password hash table from a backup and now it works great.

adriandelcl · 2017-09-29 14:37:14

raiched wrote:

Success, 2 things where wrong with my installation, the host file local.host entry was deleted, so recreated and made sure to add the local.host back into the host file and second, the password hash entries were gone from the database. I re-populated the password hash table from a backup and now it works great.

I have the same problem and I do not understand your solution. Please, could you describe it a little bit better? Thank you very much.

Forum GLPI-Project

Announcement

#1 2013-10-14 16:32:54

Root GLPI web application page always asks to log in

#2 2013-10-14 19:44:42

Re: Root GLPI web application page always asks to log in

#3 2013-10-15 12:02:05

Re: Root GLPI web application page always asks to log in

#4 2013-10-16 08:44:20

Re: Root GLPI web application page always asks to log in

#5 2013-10-16 12:51:55

Re: Root GLPI web application page always asks to log in

#6 2013-10-30 09:32:16

Re: Root GLPI web application page always asks to log in

#7 2013-10-30 09:38:20

Re: Root GLPI web application page always asks to log in

#8 2013-10-30 14:59:54

Re: Root GLPI web application page always asks to log in

#9 2017-09-27 21:59:03

Re: Root GLPI web application page always asks to log in

#10 2017-09-28 18:56:12

Re: Root GLPI web application page always asks to log in

#11 2017-09-28 22:27:02

Re: Root GLPI web application page always asks to log in

#12 2017-09-29 14:37:14

Re: Root GLPI web application page always asks to log in

Board footer