SSO Loop - Help needed to find the problem


(RaVoR) #1

Hey there,

I’ve just set up a discourse forum within our company. I’ve written our own SSO-login to register and login to discourse. Everything was fine until some point - I don’t know where and why - it all broke.

Discourses’ SSO seems to loop for now reason and I cannot find the underlying problem. Maybe you guys are able to help me.

Log of SSO:

Started GET "/session/sso_login?sso=[very long ssotext]" for 87.163.88.41 at 2018-01-16 20:08:42 +0000
Processing by SessionController#sso_login as HTML
  Parameters: {"sso"=>"[very long ssotext]", "sig"=>"bc436ea4fb8c390d0f9d0e9d8858ca1f1ee22ca52e90140ccd80e0d9433606d5"}
Verbose SSO log: User was logged on --redacted--

nonce: 4a62ac720d1ed262db4e35e49d6e234a
name: --redacted--
username: --redacted--
email: --redacted--
avatar_url:
avatar_force_update:
require_activation:
bio: --redacted--
external_id: {1aaecfae9e4a0f409b1e8036727c130a}
return_sso_url:
admin:
moderator:
suppress_welcome_message:
title:
add_groups:
remove_groups:
groups:
Redirected to http://discourse.miccoe.cloud/
Completed 302 Found in 20ms (ActiveRecord: 5.8ms)
Started GET "/" for 87.163.88.41 at 2018-01-16 20:08:42 +0000
Processing by CategoriesController#index as HTML
Redirected to http://discourse.miccoe.cloud/session/sso
Filter chain halted as :redirect_to_login_if_required rendered or redirected
Completed 302 Found in 10ms (ActiveRecord: 4.2ms)
Started GET "/session/sso" for 87.163.88.41 at 2018-01-16 20:08:42 +0000
Processing by SessionController#sso as HTML
Verbose SSO log: Started SSO process

nonce: 9fa3be16c015041e86ef76f0f494a983
[and so on and so on]

Which logs do you need, how can I increase verbosity? Anything else needed?

BR,
RaVoR


(Bhanu Sharma) #2

Your site looks like running on SSL and the log is quoting urls from http://

Have you tried enabling force-https on Discourse?
Can you check if your SSO provider is returning users to http link? If so, try diagnosing that and make sure that everything works on same protocol.


(RaVoR) #3

After enabling SSL directly in the Discourse-instance everything is working well again. Thanks for pointing that out.