Unable to Log in With SSO When Using a Custom Domain

Issue

Sometimes users cannot log in with Single Sign-On (SSO) after configuring a custom domain and are redirected to https://user/login?error=true. This article explains how to debug this issue and provides a potential solution. In this example, OpenID Connect (OIDC) is used.

Resolution

To debug the issue, get the container logs and search for errors. An error similar to the one below means that you configured SSO before configuring the custom domain:

[2023-06-14 22:33:42,542] - In the login failure handler. Cause: [invalid_client] AA**********: The reply address 'http://<IP>/login/oauth2/code/oidc' does not match the reply address 'https://<APPSMITH_CUSTOM_DOMAIN>/login/oauth2/code/oidc' provided when requesting Authorization code.
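
As an added example (not part of the original article or of Appsmith's own tooling), this Python script scans container log lines for the error above and reports which parts of the two reply addresses differ. The sample log lines, IP address and domain are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Matches the reply-address mismatch reported by the login failure handler.
MISMATCH = re.compile(
    r"In the login failure handler\. Cause: \[invalid_client\].*?"
    r"reply address '(?P<first>[^']+)' does not match "
    r"the reply address '(?P<second>[^']+)'"
)

def diff_parts(first, second):
    """Name the URL components (scheme, host, path) that differ."""
    a, b = urlsplit(first), urlsplit(second)
    pairs = (("scheme", a.scheme, b.scheme),
             ("host", a.netloc.lower(), b.netloc.lower()),
             ("path", a.path, b.path))
    return [name for name, x, y in pairs if x != y]

def find_mismatches(lines):
    """Return one finding per log line that reports a reply-address mismatch."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = MISMATCH.search(line)
        if match:
            first, second = match.group("first"), match.group("second")
            findings.append({"line": number, "first": first, "second": second,
                             "differs": diff_parts(first, second)})
    return findings

# Constructed sample log: 203.0.113.10 and appsmith.example.com are
# placeholders, and only the second line follows the article's error format.
SAMPLE_LOG = """\
[2023-06-14 22:33:40,101] - Starting login flow
[2023-06-14 22:33:42,542] - In the login failure handler. Cause: [invalid_client] AA**********: The reply address 'http://203.0.113.10/login/oauth2/code/oidc' does not match the reply address 'https://appsmith.example.com/login/oauth2/code/oidc' provided when requesting Authorization code.
[2023-06-14 22:34:10,007] - In the login failure handler. Cause: [access_denied] user cancelled
""".splitlines()

if __name__ == "__main__":
    for f in find_mismatches(SAMPLE_LOG):
        print(f"line {f['line']}: {f['first']} vs {f['second']} "
              f"(differs in: {', '.join(f['differs'])})")
```

A difference in scheme or host, with an identical path, is the pattern to expect when SSO was set up before the custom domain.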

To resolve the issue, reconfigure SSO and set the redirect URL to the URL that uses the custom domain.

To avoid such problems in the future, we recommend that users finish configuring the custom domain before starting the SSO configuration.