Sometimes users cannot log in with Single Sign-On (SSO) after configuring a custom domain and are redirected to
https://user/login?error=true. This article explains how to debug this issue and provides a potential solution. In this example, OpenID Connect (OIDC) is used.
To debug the issue, get the container logs and search for errors. If you find an error similar to the below one, it means that you configured SSO before configuring the custom domain:
[2023-06-14 22:33:42,542] - In the login failure handler. Cause: [invalid_client] AA**********: The reply address 'http://<IP>/login/oauth2/code/oidc' does not match the reply address 'https://<APPSMITH_CUSTOM_DOMAIN>/login/oauth2/code/oidc' provided when requesting Authorization code.
To resolve the issue, you need to reconfigure SSO. Set the redirect URL to the proper URL with the custom domain.
To avoid such problems in the future, we recommend users to first finish configuring the custom domain before starting the SSO configuration.