i have a fully working discourse instance with SSO support.
Everything is https.
Recently I activated the force_https option in the settings, because some browser promted the user, that parts of the website aren’t secure.
Enabling this settings fixed this error, but resulted in a new one:
The SSO process is broken, if I activate the force_https setting.
How can this be the case?
My php scripts redirects the user as usual:
https://domain.com/session/sso_login?sso=". $payload ."&sig=". $return_sig
But discourse opens up and doesn’t login the user, nor shows any kind of erros.
The logging shows only one single difference at the backtraces for the following line:
Why does the session_controller messes up the sso process?
Thanks a lot for your support