New user created, but not logged in

I’m working on configuring SSO for my site.

I have the endpoint set, and the endpoint is succesfully creating, hashing and signing the payload.

When the browser redirects back to the /session/sso_login endpoint, the user is created successfully. The message appears: Verbose SSO log: User was logged on jhtest

The user gets redirected back to the front page, but isn’t actually logged in. I hit the login button, the dance happens again, but I’m still not ever logged in.

If I enable “Login Required” in the admin panel, the user ends up in a redirect loop.

Have I missed something obvious?

I’m running the docker-discourse version (which is currently set to [v2.1.0.beta6 +93).

Thanks for any ideas,
Jason

As far as I understand, the SSO provider should not be able to cause this. So, before we look at SSO, let’s check some other things:

• Did you install according to these instructions?
• Did you deviate from these instructions in any way? For example, are you running a reverse proxy in front of Discourse?
• Are you using a CDN?
• If you disable SSO, can you successfully log in to Discourse?

Is the SSO provider some custom software you wrote?

I am running behind an Apache reverse proxy. This dockerized application is co-located with about about 7 others on this host. So, this kind of setup isn’t new or novel for us.

I can login successfully by disabling SSO.

Basically, I’m protecting the path /login with Shib, and setting that path as the SSO login url in the admin screen.

At that /login path sits a php script which rips apart the payload, adds a bunch of variables to the payload from the shib environment, encodes it, signs it, assembles the new URL and redirects the browser. The Verbose SSO log seems to be happy with the payload as it successfully decodes and chunks the correct values into the different fields.