We have a Discourse instance set up with SSO (using SAML/Shibboleth), and I configured it to allow embedding content on another subdomain which also uses the same SSO.
Here is the problem I am experiencing:
- User visits a page on subdomain X, which embeds a topic from Discourse, which is hosted on subdomain Y.
- User is redirected to subdomain Z for SSO login. They are then redirected back to subdomain X.
- When you refresh the page, everything works perfectly fine (i.e., the forum topic gets pulled in successfully), presumably because the browser now has a valid session cookie, which eliminates the need to redirect to the SSO subdomain.
Is there anything I can do to fix this properly? Right now I have a really terrible hack set up, which first attempts to load the forum topic into a hidden iframe, and then waits 1 second before actually loading the topic into the real page that is visible to the user.
Any help/suggestions would be appreciated!