I think your're not hitting the USER/ADMIN role and your redirect seems incorrect. If you're having any role but USER/ADMIN, you redirect to /login (which requires the user to be authenticated) instead of /admin/login, seemingly causing an endless redirection loop.

You should probably change the login page to /login instead of /admin/login because in your code, a simple non-admin user can also login, making /admin/login 'wrong'.