Hi,
We completed a SSO setup with a district via Google Classroom a while back (18days to be precise). When we tried the connection today it didn’t seem to work. We had the rules debugger open while trying the SSO but nothing showed up. Even if we look at the logs section nothing pop ups when searched using the connection name.
Although, the end result that we saw was an error message coming from the Auth0 rule. We cross verified the Auth0 tenant we were using. Need help quick.
Can you try installing the Real-time Webtask Logs extension? That way, any exception thrown by the rule you mention should show up and you can work from there.
I tried reinstalling the logs. We are able to view the logs for other connections. For this particular connection only a certain amount of logs are visible. e.g. We tried login via SSO, there are no logs visible, but I get an error which is thrown by the rule (this is after I am redirected to the last page). Now if we check the logs, there we see nothing.
So the customer (as one user) goes to the Google Classroom portal and selects our product’s icon. Google Classroom must redirect the browser to Auth0 and run our Rules, but we see no evidence of that in Auth0 logs or in the real-time debugger on the rule (this is a problem we need to fix so we can diagnose the district’s problem). The problem appears to be that the username we got from Google Classroom is different from that of the user who is doing the SSO access. In any event, the Rules cannot find the user in our product’s database (the wrong user), and fails. So our product tells the user he is not authorized to access our product.
If we had some evidence in Auth0 of the login attempt, we could confirm why the Rules returned the error that it did. Auth0 logs SSO access attempts from other districts, but not from Bakersfield (that is, with the connection name “Bakersfield” or “BakersfieldSpanish”). So we need help to know what is happening during the Bakersfield attempt to connect to our product through SSO.
If the real-time debugger on the rule logged any information that included the connection name, we could not see it in the log.
RESOLVED: The problem was that the customer changed their URL to bypass Auth0. That, of course, kept Auth0 from logging each login attempt (since they did not attempt a login!) and also explains why the login failed.
The customer is fixing their URL, and we now see login attempts in the Auth0 logs again. So the issue is resolved.
Glad you figured it out!