SSO Loop - Help needed to find the problem

Hey there,

I’ve just set up a discourse forum within our company. I’ve written our own SSO-login to register and login to discourse. Everything was fine until some point - I don’t know where and why - it all broke.

Discourses’ SSO seems to loop for now reason and I cannot find the underlying problem. Maybe you guys are able to help me.

Log of SSO:

Started GET "/session/sso_login?sso=[very long ssotext]" for 87.163.88.41 at 2018-01-16 20:08:42 +0000
Processing by SessionController#sso_login as HTML
  Parameters: {"sso"=>"[very long ssotext]", "sig"=>"bc436ea4fb8c390d0f9d0e9d8858ca1f1ee22ca52e90140ccd80e0d9433606d5"}
Verbose SSO log: User was logged on --redacted--

nonce: 4a62ac720d1ed262db4e35e49d6e234a
name: --redacted--
username: --redacted--
email: --redacted--
avatar_url:
avatar_force_update:
require_activation:
bio: --redacted--
external_id: {1aaecfae9e4a0f409b1e8036727c130a}
return_sso_url:
admin:
moderator:
suppress_welcome_message:
title:
add_groups:
remove_groups:
groups:
Redirected to http://discourse.miccoe.cloud/
Completed 302 Found in 20ms (ActiveRecord: 5.8ms)
Started GET "/" for 87.163.88.41 at 2018-01-16 20:08:42 +0000
Processing by CategoriesController#index as HTML
Redirected to http://discourse.miccoe.cloud/session/sso
Filter chain halted as :redirect_to_login_if_required rendered or redirected
Completed 302 Found in 10ms (ActiveRecord: 4.2ms)
Started GET "/session/sso" for 87.163.88.41 at 2018-01-16 20:08:42 +0000
Processing by SessionController#sso as HTML
Verbose SSO log: Started SSO process

nonce: 9fa3be16c015041e86ef76f0f494a983
[and so on and so on]

Which logs do you need, how can I increase verbosity? Anything else needed?

Your site looks like running on SSL and the log is quoting urls from http://

Have you tried enabling force-https on Discourse?
Can you check if your SSO provider is returning users to http link? If so, try diagnosing that and make sure that everything works on same protocol.

3 Likes

After enabling SSL directly in the Discourse-instance everything is working well again. Thanks for pointing that out.

3 Likes