Problem statement
SSO is not working on our tenant
Symptoms
- The applications in question have both a passwordless and database connection enabled.
- The /authorize requests do not specify the connection param
Steps to reproduce
Broken SSO example:
- Configure New UL
- Enable a database connection on application A
- Enable the same database connection and a passwordless email connection on application B
- Login to application A
- Send an /authorize request from application B without specifying the connection param
- Observe that you arrive at the New UL page and are prompted to login via the same database connection again.
Working SSO example:
- Configure New UL
- Enable a database connection on application A
- Enable the same database connection and a passwordless email connection on application B
- Login to application A
- Send an /authorize request from application B, specifying the database connection with the connection param
- Observe that SSO works
Solution
Either disable the passwordless email connection on application B or configure application B to send the connection param. Understand that with the latter option, you’ll only see SSO working when the connection param matches the connection associated with the existing session.