When I try to log in on my iPhone (either Chrome or Safari), I end up with a redirect loop, bouncing away from / after being signed in, even though it seems like Discourse says I successfully sign in. I decided to try disabling the Lax cookie requirements and then things started to work. This issue only occurs for my iPhone mobile, but not for any other mobile or computer. I’m using Discourse version v2.3.0.beta5 +169.
I have also tried disabling force-https, and then it still fails; only disabling Lax cookies seems to work, and using Strict cookies does not work either.
Any ideas or pointers on how I can find out what goes wrong for the iPhones? I’m using Okta → Azure AD as identity providers. I suspect Azure AD a bit for potentially doing something along the way, but I don’t know what it may be though.
I’m using an iPhone with version 12.1.4.
Related
- c# - Cookies with a SameSite policy enforced are blocked in iOS 12 for SSO flows involving cross-origin requests - Stack Overflow
- https://github.com/IdentityServer/IdentityServer4/issues/2595
Success vs Failure logs
Succeeding on my Computer (Ubuntu - Chrome)
- / — NOT LOGGED IN
- /session/sso
- my-sso
- /session/sso_login
- / — LOGGED IN
Started GET "/" for <redacted_ip> at 2019-03-26 07:18:23 +0000
Processing by CategoriesController#index as HTML
Redirected to https://discourse.example.com/session/sso
Filter chain halted as :redirect_to_login_if_required rendered or redirected
Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
---
Started GET "/session/sso" for <redacted_ip> at 2019-03-26 07:18:23 +0000
Processing by SessionController#sso as HTML
Verbose SSO log: Started SSO process
nonce: 97aa661e9114d41814413a28359b9c77
return_sso_url: https://discourse.example.com/session/sso_login
Redirected to https://discourse-sso.example.com/sso/login?sso=redacted%3D%3D&sig=9586c5823337f624f987c1a2e8daa770cfcf960ca7f3ee845ed8d165db0b8c69
Completed 302 Found in 3ms (ActiveRecord: 0.0ms)
---
Started GET "/session/sso_login?sso=redacted&sig=9b66bc027724b460195cc6403a17f8cc7796551d69fcab8108ae123eef4a7157" for <redacted_ip> at 2019-03-26 07:18:55 +0000
Processing by SessionController#sso_login as HTML
Parameters: {"sso"=>"redacted", "sig"=>"9b66bc027724b460195cc6403a17f8cc7796551d69fcab8108ae123eef4a7157"}
Verbose SSO log: User was logged on consideratio
admin: true
moderator: true
email: erik@redacted.com
external_id: 00u7sxngmxtnEfjQ8356
locale: en-US
name: Erik
nonce: 97aa661e9114d41814413a28359b9c77
return_sso_url: https://discourse.example.com/session/sso_login
username: erik@redacted.com
Redirected to https://discourse.example.com/
Completed 302 Found in 128ms (ActiveRecord: 48.2ms)
---
Started GET "/" for <redacted_ip> at 2019-03-26 07:18:55 +0000
Processing by CategoriesController#index as HTML
Rendering categories/index.html.erb within layouts/application
# ...
# ...
# ...
Failing on my iPhone (Chrome, but I have also tried Safari)
- / — NOT LOGGED IN
- /session/sso
- my-sso
- /session/sso_login
- / — NOT LOGGED IN (and the sequence repeats itself)
Started GET "/" for <redacted_ip> at 2019-03-26 07:00:07 +0000
Processing by CategoriesController#index as HTML
Redirected to https://discourse.example.com/session/sso
Filter chain halted as :redirect_to_login_if_required rendered or redirected
Completed 302 Found in 2ms (ActiveRecord: 0.0ms)
---
Started GET "/session/sso" for <redacted_ip> at 2019-03-26 07:00:07 +0000
Processing by SessionController#sso as HTML
Verbose SSO log: Started SSO process
nonce: 76a497cbf008d9282f9adb0067b9c2d7
return_sso_url: https://discourse.example.com/session/sso_login
Redirected to https://discourse-sso.example.com/sso/login?sso=redacted%3D%3D&sig=3befcaa8c1b462dfe16cfe55761f09fdf9d83c7ef8be24689814cf4e84be43ef
Completed 302 Found in 5ms (ActiveRecord: 0.0ms)
---
Started GET "/session/sso_login?sso=redacted&sig=46f7360941e1f6861c904d4380919d90f2049fbb9c2eb0e916ac7ee341e0b5b4" for <redacted_ip> at 2019-03-26 07:00:53 +0000
Processing by SessionController#sso_login as HTML
Parameters: {"sso"=>"redacted", "sig"=>"46f7360941e1f6861c904d4380919d90f2049fbb9c2eb0e916ac7ee341e0b5b4"}
Verbose SSO log: User was logged on consideratio
admin: true
moderator: true
email: erik@redacted.com
external_id: redacted
locale: en-US
name: Erik
nonce: 76a497cbf008d9282f9adb0067b9c2d7
return_sso_url: https://discourse.example.com/session/sso_login
username: erik@redacted.com
Redirected to https://discourse.example.com/
Completed 302 Found in 167ms (ActiveRecord: 67.6ms)
---
Started GET "/" for <redacted_ip> at 2019-03-26 07:00:53 +0000
Processing by CategoriesController#index as HTML
Redirected to https://discourse.example.com/session/sso
Filter chain halted as :redirect_to_login_if_required rendered or redirected
Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
Started GET "/session/sso" for <redacted_ip> at 2019-03-26 07:00:53 +0000
Processing by SessionController#sso as HTML
Verbose SSO log: Started SSO process
# ...
# ...
# ...
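Added example, not part of the original post and not Discourse's own code: a small Ruby scan over Rails log text that flags the pattern visible in the failing trace above, where "User was logged on" is followed by the same client's next request being halted by `redirect_to_login_if_required`. The function name, the sample IPs and the shortened log lines are constructed for illustration.

```ruby
# Constructed sample modelled on the traces in the post (documentation IPs,
# payloads shortened). 203.0.113.7 loops; 198.51.100.4 logs in normally.
SAMPLE_LOG = <<~LOG
  Started GET "/session/sso_login?sso=redacted&sig=redacted" for 203.0.113.7 at 2019-03-26 07:00:53 +0000
  Processing by SessionController#sso_login as HTML
  Verbose SSO log: User was logged on consideratio
  Redirected to https://discourse.example.com/
  Started GET "/" for 203.0.113.7 at 2019-03-26 07:00:53 +0000
  Processing by CategoriesController#index as HTML
  Redirected to https://discourse.example.com/session/sso
  Filter chain halted as :redirect_to_login_if_required rendered or redirected
  Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
  Started GET "/session/sso_login?sso=redacted&sig=redacted" for 198.51.100.4 at 2019-03-26 07:18:55 +0000
  Processing by SessionController#sso_login as HTML
  Verbose SSO log: User was logged on consideratio
  Redirected to https://discourse.example.com/
  Started GET "/" for 198.51.100.4 at 2019-03-26 07:18:55 +0000
  Processing by CategoriesController#index as HTML
  Rendering categories/index.html.erb within layouts/application
LOG

STARTED = /\AStarted GET "[^"]*" for (\S+) at (.+)\z/

# Returns one {ip:, at:} entry per client whose first request after a
# successful sso_login was sent back to login. That is what the log looks
# like when the session set by sso_login is not presented on the next request.
# Assumes (as in the post's excerpt) that a request's lines are contiguous.
def sso_loops(log)
  pending = {}    # ip => true once "User was logged on" was logged for it
  checking = nil  # ip whose first post-login request is being read
  ip = at = nil
  loops = []
  log.each_line(chomp: true) do |line|
    if (m = STARTED.match(line))
      ip, at = m[1], m[2]
      checking = pending.delete(ip) ? ip : nil
    elsif line.start_with?("Verbose SSO log: User was logged on")
      pending[ip] = true
    elsif checking && line.include?(":redirect_to_login_if_required")
      loops << { ip: checking, at: at }
      checking = nil
    end
  end
  loops
end

p sso_loops(SAMPLE_LOG)
```

Grouping the flagged requests by client platform narrows down whether the loop is tied to one browser family, as it is with the iPhone in this post.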