FortiGate
Article Id 344248
Description
This article describes how to resolve login-page redirection loops on certain websites when the internet connection is working and no security profile is blocking the traffic.
Scope
End-user device / Server.
Solution

It can happen that, among devices joined to the same domain, some users are unable to log in to a specific web page: after entering the correct credentials (and completing multi-factor authentication, if applicable) they are redirected back to the login page, while other users log in successfully.

An example of a website where this can occur is https://bayan.logisti.sa. This website uses JSON Web Tokens (JWTs) for secure authentication.

To troubleshoot this, open the browser's Settings -> Web Developer Tools and select the Network tab.
Enable 'Preserve log' to keep requests across page loads (Google Chrome example below).

(Image: har.png)

As per IETF RFC 7517, a JSON Web Key (JWK) is a JSON data structure that provides a standardized format for representing public and private cryptographic keys; a JWK Set (JWKS) serves as a repository of the public keys needed to verify and decode specific JSON Web Tokens (JWTs).


Systems that use JWTs and JWKS rely on time synchronization as a best practice for handling token revocation: JWTs are issued with a short expiration time to limit the window for token theft or misuse. If the system clock is out of sync, the time-based claims of the token fail validation and authentication fails.
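As an added illustration (not part of the original article), the following Python script shows how the time-based claims of a JWT (iat, nbf, exp) are evaluated against the validating side's clock, and how an offset of the size noted later in this article (2 min 7 s) gets a short-lived token rejected whether the clock runs behind or ahead of the issuer. The key, token and timestamps are constructed sample values; the HS256 signing only builds a realistic sample token, and the leeway parameter is an assumption, since real validators choose their own tolerance (often zero).

```python
import base64
import hashlib
import hmac
import json


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, key: bytes) -> str:
    """Build an HS256 JWT for the constructed sample (a real IdP signs with a key published in its JWKS)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def check_time_claims(token: str, now: int, leeway: int = 0):
    """Evaluate nbf/iat/exp against the clock 'now' (seconds since epoch).

    Returns (accepted, reasons). 'leeway' is the tolerated clock skew (assumed
    parameter; RFC 7519 allows a small leeway but the validator picks the value).
    """
    claims = json.loads(b64url_decode(token.split(".")[1]))
    reasons = []
    if "nbf" in claims and now + leeway < claims["nbf"]:
        reasons.append(f"nbf is {claims['nbf'] - now}s in the future (clock behind the issuer?)")
    if "iat" in claims and now + leeway < claims["iat"]:
        reasons.append(f"iat is {claims['iat'] - now}s in the future (clock behind the issuer?)")
    if "exp" in claims and now - leeway >= claims["exp"]:
        reasons.append(f"exp passed {now - claims['exp']}s ago (clock ahead of the issuer, or token too old?)")
    return (not reasons, reasons)


# Constructed sample: the issuer mints a 2-minute token at ISSUED (on the issuer's clock).
KEY = b"constructed-sample-key"
ISSUED = 1_700_000_000
TOKEN = make_token({"sub": "user@example.com", "iat": ISSUED, "nbf": ISSUED, "exp": ISSUED + 120}, KEY)
SKEW = 127  # the 2 min 7 s offset observed in this article


def validate_with_skew(skew_seconds: int, leeway: int = 0):
    """Validate TOKEN 5 s after issuance on a clock that is 'skew_seconds' off from the issuer."""
    return check_time_claims(TOKEN, ISSUED + 5 + skew_seconds, leeway)


if __name__ == "__main__":
    for label, skew in (("in sync", 0), ("behind", -SKEW), ("ahead", SKEW)):
        ok, why = validate_with_skew(skew)
        print(f"clock {label:8}: {'accepted' if ok else 'rejected'} {why}")
```

A clock behind the issuer trips the nbf/iat checks; a clock ahead makes a short-lived token look expired, so only a leeway larger than the skew (or fixing the clock, as the article recommends) lets the token through.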

The image below shows the behavior after entering the credentials correctly on https://bayan.logisti.sa: the user is automatically redirected to the initial home page but is not authenticated.

(Image: non-working.png)
The solution is to make sure that the system clock of the user's device is synchronized correctly. The difference between the working and non-working exchanges can be seen by comparing the orange rectangle in the previous image with the green rectangle in the next image.

The next images show the correct JWKS behavior: after the user information is submitted for validation, the user logs in successfully. The userinfo response contains the user's information, which is absent in the previous (non-working) image.

(Image: working.png)

(Image: working2.png)
Notes:
In this scenario, all devices were within the same domain, but there was a difference of 2 minutes and 7 seconds between the working and non-working systems.
The working system was a Windows 11 PC, while the non-working systems were a Windows 11 PC and a Windows Server 2012.

As a best practice, configure more than one NTP server so that the system time stays correct.
