Infinite authentication loop occurs when accessing SAM or applications with VIP MFA.
When users attempt to log in to an application that invokes VIP two-factor authentication, they are continuously redirected back to VIP to re-authenticate instead of being logged in to the target application.
Applications that have enabled VIP two-factor authentication during the sign-in process are affected.
If two-factor authentication is configured to initially access the SAM SSO Portal, this access is potentially affected.
ALL (Hosted and On-Premises) VIPAM / SAM / O3 deployments that have Multi-Factor Authentication configured using VIP Access (MFA) and all versions of VIPAM (SAM) are impacted.
No specific error message is presented. Instead, using VIP Push as an example, after 'Approving' the VIP Push login request, the user is asked again to 'Approve' a new VIP Push login request.
The certificate used to sign SAML assertions between VIP and SAM is incorrect, and must be updated.
As a security measure, VIP Access Manager does not allow SAML assertions that have failed signature validation. For this reason, the user is redirected back to VIP for re-authentication.
Upload the provided VIP Login MetaData Certificate (see file attachment in this article) to your SAM Certificate Store using the following steps:
Import Certificate => Browse (File*) => Browse (your local drive for your saved cert file) => Open => Upload Certificate => Enter your Certificate Description Information => Import Certificate => Import Certificate
3. Publish The New Certificate to the Gateway:
Publish (below user's name, upper right corner) => Commit
4. Beginning with a fresh browser session and/or cleared cache, please test your multi-factor authentication to check that it is working properly.
Upload this VIP LOGIN METADATA CERTIFICATE to your application's (VIPAM/SAM) certificate store.
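One way to confirm that the certificate store holds the certificate the assertions are signed with, shown as an added example that is not part of the original article or any vendor tooling. It compares SHA-256 fingerprints of the signing certificates in a SAML metadata document against PEM files exported from the store; the function names, the metadata document and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def der_fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def pem_to_der(pem: str) -> bytes:
    body = [ln for ln in pem.strip().splitlines() if not ln.startswith("-----")]
    return base64.b64decode("".join(body))

def signing_fingerprints(metadata_xml: str) -> set:
    """Fingerprints of every certificate the metadata marks usable for signing."""
    found = set()
    for kd in ET.fromstring(metadata_xml).iter(MD + "KeyDescriptor"):
        # A KeyDescriptor without a "use" attribute covers signing too.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iter(DS + "X509Certificate"):
            found.add(der_fingerprint(base64.b64decode("".join(cert.text.split()))))
    return found

def store_trusts_signer(metadata_xml: str, store_pems: list) -> bool:
    """True if at least one stored certificate matches a metadata signing cert."""
    trusted = {der_fingerprint(pem_to_der(p)) for p in store_pems}
    return bool(signing_fingerprints(metadata_xml) & trusted)

# Constructed placeholders: arbitrary bytes standing in for DER certificates.
OLD_DER = b"constructed-placeholder-old-signing-cert"
NEW_DER = b"constructed-placeholder-new-signing-cert"

def to_pem(der: bytes) -> str:
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

# Constructed metadata document advertising NEW_DER as the signing certificate.
METADATA = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test">'
    '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
    + base64.b64encode(NEW_DER).decode() +
    '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
    '</md:IDPSSODescriptor></md:EntityDescriptor>'
)
```

A `False` result from `store_trusts_signer` corresponds to the looping state described above: no stored certificate matches the signer, so signature validation fails and the user is sent back to re-authenticate.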