Skip to main content
A
Anonymous_User
Contributor
September 25, 2024

Technical Tip: Unable to login into webpage and getting redirected to homepage

  • September 25, 2024
  • 0 replies
  • 1256 views
Description This article describes how to solve login page redirections on certain websites when the internet connection is working and there is no security profile blocking.
Scope End-user device / Server.
Solution

It can occur that devices connected on the same domain where some Users are unable to log into a specific webpage, getting redirected back to the login page after logging in with correct user credentials, and multi-factor authentication if applicable. While others log in successfully.

An example of a website where this can occur is https://bayan.logisti.sa. This website uses JSON Web Tokens (JWTs) for secure authentication.

To troubleshoot this is required to go to Browser Settings -> Web Developer Tools -> Select Network.
Enable 'Preserve Log' to save requests across page loads (Google Chrome example below).

 

har.png

 

As per IETF RFC7517, JSON Web Keys (JWKs) is a JSON data structure that provides a standardized format for representing public and private cryptographic keys,  serving as a secure repository that stores collected public keys necessary for verifying and decoding specific JSON Web Tokens (JWTs).

 

Systems that use JWTs and JWKS can often rely on time synchronization as a best practice for handling token revocation. This way a short expiration time is assigned to JWTs to minimize token theft or misuse. In case the system clock is out of sync authentication fails.

The below image shows the behavior after inserting the credentials correctly into https://bayan.logisti.sa. After this, the user gets automatically redirected to the initial homepage but does not get authenticated.


non-working.png
The solution is to make sure that the user device system clock is synchronized properly (The differences between working and non-working communications can be found when comparing the previous image's orange rectangle with the next image's green rectangle).

The next images show the correct behavior of JWKs. Where afterwards user information is submitted for validation the user logins successfully. Where userinfo contains the user's information, which is not observed in the previous image.


working.png

 

working2.png
Notes:
In this scenario, all devices were within the same domain, but there was a difference of 2 minutes and 7 seconds between the working and non-working systems.
The working system was a Windows 11 PC. While the non-working system is a Windows 11 PC and Windows 2012 server.

As a best practice is recommended to use more than one NTP server to make sure the time is right.
      Terms & ConditionsAccessibility statement