Unable to Log in With SSO When Using a Custom Domain

Issue

Sometimes users cannot log in with Single Sign-On (SSO) after configuring a custom domain and are redirected to https://user/login?error=true. This article explains how to debug this issue and provides a potential solution. In this example, OpenID Connect (OIDC) is used.

Resolution

To debug the issue, get the container logs and search for errors. If you find an error similar to the below one, it means that you configured SSO before configuring the custom domain:

[2023-06-14 22:33:42,542] - In the login failure handler. Cause: [invalid_client] AA**********: The reply address 'http://<IP>/login/oauth2/code/oidc' does not match the reply address 'https://<APPSMITH_CUSTOM_DOMAIN>/login/oauth2/code/oidc' provided when requesting Authorization code.

To resolve the issue, you need to reconfigure SSO. Set the redirect URL to the proper URL with the custom domain.

To avoid such problems in the future, we recommend users to first finish configuring the custom domain before starting the SSO configuration.

Updated

Unable to Log in With SSO When Using a Custom Domain

Issue

Resolution

Related solutions

Keycloak error - unable to login via SSO

OIDC Timeout: Appsmith crashes with error 503

SSO Error: "Invalid request" When Accessing the App from the IdP