SSO Troubleshooting First Steps
SSO issues are intimidating - there are a lot of moving pieces involved and at least half of them are not on the Vanilla side. These issues are often very high priority for our clients though, as a failing SSO prevents their entire userbase from accessing their community.
Some first steps for SSO Troubleshooting:
Confirm the Issue
Do you understand the problem as the client is describing it? If not, ask probing questions:
- What user encountered the issue?
- Was there an error message? Can the client provide a screenshot or copy of the text?
- Is this happening to many users or does it seem isolated to a single one?
- When did this start happening? Has the client made any recent updates to their SSO process?
- Identify what SSO solution the client is using
Replicate
If this issue is affecting multiple users, try to replicate it on your own.
- If SSO registration is open (no subscription fee / other blockers), create a test account and add those credentials to the 'Vanilla Shared' 1pass vault.
- Attempt to sign in. Do you encounter the same error? Document this process as much as possible.
Information Gathering
This part is a bit harder to list steps for as SSO issues can differ wildly.
- If the problem seems to be with incorrect information being passed to Vanilla, switch on the DB Logger addon. This enables the 'Event Log' in the Dashboard (/settings/eventlog) and lets you see much of the information that is passed over whenever someone logs in via SSO. It can also highlight errors that occur during login attempts. Make sure you're viewing the JSON of the event log to get a full view of the data.
- As an addendum to the above bullet point, if the client is using OAuth2, navigate to their Console page and set the Vanilla.SSO.Debug config to True.
- Verify error messages
- Check recent release notes for any updates to the SSO that the client is utilizing.
- Can you search for those error messages in one of the Vanilla Support ticket centers (Freshdesk/Zendesk, Github/Jira)? Is there a solution related to any found tickets that can be applied in this situation?
Next Step
- If you are unable to solve the ticket based on past experience or solutions in other tickets, create a note in the ticket with all your findings. Make sure you are detailed with any processes that you tested and relate any tickets that may be similar.
- Tag Patrick Kelly in the note with any details from your investigation. He is our Solutions Consultant and may have some guidance on how to resolve the issue the client is facing. Even if PK responds to the client directly, maintain ownership of the ticket and follow the ticket to its solution.
- If the issue is severe (no one can access a client's site), escalate to Github/Jira. Mark the ticket as high priority and ping the Vanilla Dev channel with the ticket.
References:
Internal SSO Intro - Basic rundown of SSO
SSO Troubleshooting Checklist - Doc written up by PK with more advanced steps to take when troubleshooting, broken down per SSO
PK Shadowing Post - Notes from people shadowing PK on Solution Consultant calls. As this post grows, we will see a lot of solutions to SSO problems posted here.