SSO is trying to sign in with an invalid sso token sometimes.
I'm running into an issue that seems to be relatively sporadic in its occurrence.
Sometimes, when using the javascript API for OneAll SSO, the javascript returned from
It is very unsightly.
I implemented SSO as specified within the guide at:
Sometimes, when using the javascript API for OneAll SSO, the javascript returned from
/sso/library.js?r=###includes an sso_token that was recently destroyed. This is causing the user to get redirected to
/socialize/sso/connectwith an error page.
It is very unsightly.
I implemented SSO as specified within the guide at:
https://docs.oneall.com/services/implementation-guide/single-sign-on/Is there something I might be missing? Or is this an actual bug on your end?
Best Answer
-
Claude_SchlesserAdministratorOneAll Team
Hi Alan,
the r value is a random value between 1000 and 9999 that is generated by our system and appended to the JavaScript file in order to generate a unique url and prevent the browser from reading an older version from it's cache. The range might be too small so that it can happen that it generates two identical values when it's called twice in a row.
We have now changed the r value to a 10 position alpha-numeric random string.
Could you give it another try? Please refresh your browser's cache before doing so!
Welcome!
Please sign in to your OneAll account to ask a new question or to contribute to the discussions.
Please click on the link below to connect to the forum with your OneAll account.
Information
Products & Services
Categories
- 2.2K All Categories
- 1.1K General
- 1.1K Questions
- 46 Suggestions
- 592 Implementation
- 10 Single Sign On
- 16 LoudVoice
- 658 Turnkey Plugins
- 42 Drupal
- 33 Joomla!
- 21 Magento
- 22 myBB
- 84 Opencart
- 125 phpBB
- 39 PrestaShop
- 31 Simple Machines Forum
- 9 Vanilla
- 17 vBulletin
- 8 WHMCS
- 221 WordPress
- 6 ZenCart
Answers
what have you are using as value for the lifetime of the SSO token?
https://docs.oneall.com/api/resources/sso/identity/start-session/
Regards,
I am leaving that at the default. Should it matter? I'm destroying the sso token using the rest API when I log out.
After logging out, the user is taken to our login screen. Where the situation in my original post happens.
I had unfortunately no success in reproducing the error.
What could potentially happen is that the library is included for a given r value when the user logs in, i.e.:
/sso/library.js?r=1234And that by coincidence our API generates the same value for r when the user logs out, i.e.:
/sso/library.js?r=1234The browser would then serve the library.js from it's cache and in this case it would include the old token.
We are prefixing the library.js to avoid exactly that problem.
Does the issue happen all the time or only sporadically?
It happens very sporadically.
I had to login/logout about 20 times to reproduce it once. Another time, it happened twice in a row. I think you may be correct in your assumptions though. How is that r value generated?
It seems to be fixed.
Something weird happened to my freemium account, and I am unable to reply using it. Could you mark this as answered?
Thanks!
I have now marked the question as answered.
Do you need help with your account?
Don't worry about it. Moving forward, this is the account I will be using. It seems the only issue is with the forums anyways.
Thanks!