SSO is trying to sign in with an invalid sso token sometimes.

edited February 2017 in Single Sign On
I'm running into an issue that seems to be relatively sporadic in its occurrence.

Sometimes, when using the JavaScript API for OneAll SSO, the JavaScript returned from
/sso/library.js?r=###
includes an sso_token that was recently destroyed. This is causing the user to get redirected to
/socialize/sso/connect
with an error page.

It is very unsightly.


I implemented SSO as specified within the guide at:
https://docs.oneall.com/services/implementation-guide/single-sign-on/
Is there something I might be missing? Or is this an actual bug on your end?

Best Answer

  • Claude_Schlesser (Administrator, OneAll Team)
    edited February 2017 Answer ✓
    Hi Alan,

    The r value is a random value between 1000 and 9999 that is generated by our system and appended to the JavaScript file in order to generate a unique URL and prevent the browser from reading an older version from its cache. The range might be too small, so it can happen that it generates two identical values when it's called twice in a row.

    We have now changed the r value to a 10 position alpha-numeric random string.
    Could you give it another try? Please refresh your browser's cache before doing so!

Answers

  • Claude_Schlesser (Administrator, OneAll Team)
    Hi Alan,

    What are you using as the value for the lifetime of the SSO token?
    https://docs.oneall.com/api/resources/sso/identity/start-session/

    Regards,
  • Claude,

    I am leaving that at the default. Should it matter? I'm destroying the SSO token using the REST API when I log out.

    After logging out, the user is taken to our login screen, where the situation in my original post happens.
  • Claude_Schlesser (Administrator, OneAll Team)
    Hi Alan,

    I had unfortunately no success in reproducing the error.

    What could potentially happen is that the library is included for a given r value when the user logs in, i.e.:
    /sso/library.js?r=1234

    And that by coincidence our API generates the same value for r when the user logs out, i.e.:
    /sso/library.js?r=1234

    The browser would then serve the library.js from its cache and in this case it would include the old token.
    We are prefixing the library.js to avoid exactly that problem.

    Does the issue happen all the time or only sporadically?
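
The cache collision discussed in the replies above, as an added example that is not part of the original thread and not OneAll's code. It models a URL-keyed cache that never expires and a token that is destroyed after every load; the function names, the token strings and the 36-character alphabet for the 10-position string are assumptions.

```javascript
// Added example, hypothetical names throughout.

// Chance that at least two of `loads` uniformly random cache-busters drawn
// from `space` possible values are identical (exact birthday product).
function collisionProbability(loads, space) {
  let pUnique = 1;
  for (let i = 0; i < loads; i++) pUnique *= (space - i) / space;
  return 1 - pUnique;
}

// Minimal URL-keyed cache: an identical URL is answered from the cache
// without asking the server, so the body may be out of date.
class UrlCache {
  constructor(server) { this.server = server; this.store = new Map(); }
  fetch(url) {
    if (!this.store.has(url)) this.store.set(url, this.server(url));
    return this.store.get(url);
  }
}

// Replays a sequence of r values. The simulated server embeds the token that
// is current at request time; after each load the token is destroyed and a
// new one is issued. Returns how many loads delivered a destroyed token.
function countStaleLoads(rValues) {
  let session = 0;
  const cache = new UrlCache(() => `token-${session}`);
  let stale = 0;
  for (const r of rValues) {
    const body = cache.fetch(`/sso/library.js?r=${r}`);
    if (body !== `token-${session}`) stale++;
    session++; // logout destroys the token, next login gets a new one
  }
  return stale;
}

const FOUR_DIGIT = 9000;            // r between 1000 and 9999
const TEN_ALNUM = Math.pow(36, 10); // assumed alphabet: a-z plus 0-9

// Constructed sample: the third load reuses r=1234 and gets the old token.
console.log(countStaleLoads([1234, 5678, 1234]));
// 40 loads is roughly 20 login/logout cycles.
console.log(collisionProbability(40, FOUR_DIGIT).toFixed(3));
console.log(collisionProbability(40, TEN_ALNUM).toExponential(1));
```

In this model a stale token is served exactly when an r value repeats, so the collision probability is also the chance of hitting the error page at least once over that many loads.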
  • Claude,

    It happens very sporadically.
    I had to log in/log out about 20 times to reproduce it once. Another time, it happened twice in a row. I think you may be correct in your assumptions though. How is that r value generated?
  • Claude,

    It seems to be fixed.

    Something weird happened to my freemium account, and I am unable to reply using it. Could you mark this as answered?

    Thanks!
  • Claude_Schlesser (Administrator, OneAll Team)
    Hi Alan,

    I have now marked the question as answered.
    Do you need help with your account?
  • Claude,

    Don't worry about it. Moving forward, this is the account I will be using. It seems the only issue is with the forums anyways.

    Thanks!