Support

Admin Tools

#41559 Too many redirects on backend login

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Wednesday, 05 February 2025 04:57 CST

alexwalker

Nicholas

I created a user as admin on the backend and when they try and login (with change password required). They get too many redirects and the login page fails. 

I have no issues likes this with Rochen. 

Contacted Fasthosts but they were unable to help me. Joomla issue.

I can login without an issue as admin!!!

Any ideas please? 

Regards

Alex

nicholas
Akeeba Staff
Manager

The problem is that you require a password reset and, I presume based on context, have MFA enabled on this user. This creates a condition where MFA wants to validate the user's login by redirecting to the captive page, but the password reset wants to redirect to the user edit profile page to change the password. This causes a redirection loop. Supposedly, Joomla 5.2.3 fixed this… but they only did so in the frontend.

You should also report this problem to Joomla's issue tracker, so they can fix it.

In the meantime, let's help you out.

You will need to visit the /index.php?option=com_users URL on your site to see the frontend login page. Log into the site's frontend like that, and you will be able to reset the password.

If this is not possible because that's a Super User and you have disabled backend users login into the frontend in Admin Tools, you may want to log into the site as a different Super User, temporarily disable this feature and retry.

If you don't have a secondary Super User account and the only other Super User left can't figure it out, have them create a Temporary Super User for you in Admin Tools. Use the temporary Super User to log into the backend, remove the required password reset flag from your user account, log out, log in with your Super User, and change your password, then remove the Temporary Super User.

Assuming the Super User account was forced to do a password reset as a result of Admin Tools' forgotten Super Users feature, go to Configure WAF, Hardening Options and scroll down to “Protected users“. Click on the plus sign button, then select your Super User account from the list. This will ensure that your Super User won't be forced to require a password reset in the future. Best do this on all of your clients' sites for both yours and their main Super User accounts.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

alexwalker

Nicholas

You never cease to amaze me with your fulsome responses and more importantly always providing the solution to the issue I'm experiencing. 

I did what you recommended and was able to login as that user without an issue. Ideally I would like them to change their password on first login so I will report this as a bug to be looked into. 

Thank you!

nicholas
Akeeba Staff
Manager

You're welcome :)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!