I have the endpoint set, and the endpoint is successfully creating, hashing and signing the payload.
When the browser redirects back to the /session/sso_login endpoint, the user is created successfully. The message appears: Verbose SSO log: User was logged on jhtest
The user gets redirected back to the front page, but isn’t actually logged in. I hit the login button, the dance happens again, but I’m still not ever logged in.
If I enable “Login Required” in the admin panel, the user ends up in a redirect loop.
Have I missed something obvious?
I’m running the docker-discourse version (which is currently set to v2.1.0.beta6 +93).
I am running behind an Apache reverse proxy. This dockerized application is co-located with about 7 others on this host. So, this kind of setup isn’t new or novel for us.
I can login successfully by disabling SSO.
Basically, I’m protecting the path /login with Shib, and setting that path as the SSO login url in the admin screen.
At that /login path sits a php script which rips apart the payload, adds a bunch of variables to the payload from the shib environment, encodes it, signs it, assembles the new URL and redirects the browser. The Verbose SSO log seems to be happy with the payload as it successfully decodes and chunks the correct values into the different fields.
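
The exchange described in the post, as an added Python example that is not the poster's PHP script and not Discourse's own code: it verifies the incoming `sso`/`sig` pair, echoes the nonce, and signs the reply with HMAC-SHA256 over the base64 payload. The secret, hostname, attribute values and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-sso-secret"   # constructed; the shared SSO secret
FORUM_HOST = "forum.example.org"     # constructed; the Discourse hostname

def sign(payload_b64, secret=SECRET):
    """Hex HMAC-SHA256 over the base64 payload, the value carried in `sig`."""
    return hmac.new(secret, payload_b64.encode(), hashlib.sha256).hexdigest()

def discourse_request(nonce):
    """Constructed stand-in for the sso/sig pair Discourse sends to /login."""
    raw = urlencode({"nonce": nonce,
                     "return_sso_url": f"https://{FORUM_HOST}/session/sso_login"})
    sso = base64.b64encode(raw.encode()).decode()
    return sso, sign(sso)

def build_return_url(sso, sig, attrs):
    """Provider side: verify the request, then sign the reply payload."""
    if not hmac.compare_digest(sign(sso), sig):      # constant-time check
        raise ValueError("signature mismatch on incoming payload")
    req = parse_qs(base64.b64decode(sso).decode())
    return_url = req["return_sso_url"][0]
    if urlsplit(return_url).hostname != FORUM_HOST:  # no redirect to other hosts
        raise ValueError("unexpected return_sso_url host")
    for required in ("external_id", "email"):
        if not attrs.get(required):
            raise ValueError(f"missing {required}")
    # The nonce is set last so an IdP attribute can never overwrite it.
    fields = {**attrs, "nonce": req["nonce"][0]}
    payload = base64.b64encode(urlencode(fields).encode()).decode()
    return return_url + "?" + urlencode({"sso": payload, "sig": sign(payload)})

def parse_reply(url):
    """Forum side: check the reply signature and return the decoded fields."""
    q = parse_qs(urlsplit(url).query)
    sso, sig = q["sso"][0], q["sig"][0]
    if not hmac.compare_digest(sign(sso), sig):
        raise ValueError("signature mismatch on reply")
    return {k: v[0] for k, v in parse_qs(base64.b64decode(sso).decode()).items()}

if __name__ == "__main__":
    sso, sig = discourse_request("constructed-nonce-123")
    # Constructed attributes standing in for the Shibboleth environment.
    attrs = {"external_id": "1001", "username": "jhtest", "email": "jhtest@example.org"}
    print(parse_reply(build_return_url(sso, sig, attrs)))
```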