No Code Attached Yet
avatar alexdwalker
alexdwalker
5 Feb 2025

Issue:
I created a user as admin (superuser) on the backend and when they try and login (with change password required). They get too many redirects and the login page fails.

I can login without an issue with my own superuser account!!!

Problem:
The problem is that you require a password reset and, I presume based on context, have MFA enabled on this user. This creates a condition where MFA wants to validate the user's login by redirecting to the captive page, but the password reset wants to redirect to the user edit profile page to change the password. This causes a redirection loop. Supposedly, Joomla 5.2.3 fixed this… but they only did so in the frontend.

Solution:
Assuming the Super User account was forced to do a password reset as a result of Admin Tools' forgotten Super Users feature, go to Configure WAF, Hardening Options and scroll down to “Protected users“. Click on the plus sign button, then select your Super User account from the list. This will ensure that your Super User won't be forced to require a password reset in the future. Best do this on all of your clients' sites for both yours and their main Super User accounts.

avatar alexdwalker alexdwalker - open - 5 Feb 2025
avatar alexdwalker alexdwalker - change - 5 Feb 2025
Labels Removed: ?
avatar joomla-cms-bot joomla-cms-bot - change - 5 Feb 2025
Labels Added: No Code Attached Yet
avatar joomla-cms-bot joomla-cms-bot - labeled - 5 Feb 2025
avatar joomdonation joomdonation - close - 5 Feb 2025
avatar joomdonation
joomdonation - comment - 5 Feb 2025

Thanks for reporting. This is a known issue and will be fixed on Joomla 5.2.4. The PR which fixed the issue #44723 , you can manual apply the changes from that PR if needed (if you know how). Otherwise, wait until 5.2.4 release and the issue will be fixed.

avatar joomdonation joomdonation - change - 5 Feb 2025
Status New Closed
Closed_Date 0000-00-00 00:00:00 2025-02-05 11:11:03
Closed_By joomdonation

Add a Comment

Login with GitHub to post a comment