Issue:
I created a user as admin (superuser) on the backend and when they try and login (with change password required). They get too many redirects and the login page fails.
I can login without an issue with my own superuser account!!!
Problem:
The problem is that you require a password reset and, I presume based on context, have MFA enabled on this user. This creates a condition where MFA wants to validate the user's login by redirecting to the captive page, but the password reset wants to redirect to the user edit profile page to change the password. This causes a redirection loop. Supposedly, Joomla 5.2.3 fixed this… but they only did so in the frontend.
Solution:
Assuming the Super User account was forced to do a password reset as a result of Admin Tools' forgotten Super Users feature, go to Configure WAF, Hardening Options and scroll down to “Protected users“. Click on the plus sign button, then select your Super User account from the list. This will ensure that your Super User won't be forced to require a password reset in the future. Best do this on all of your clients' sites for both yours and their main Super User accounts.
Labels |
Removed:
?
|
Labels |
Added:
No Code Attached Yet
|
Status | New | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2025-02-05 11:11:03 |
Closed_By | ⇒ | joomdonation |
Thanks for reporting. This is a known issue and will be fixed on Joomla 5.2.4. The PR which fixed the issue #44723 , you can manual apply the changes from that PR if needed (if you know how). Otherwise, wait until 5.2.4 release and the issue will be fixed.