Issue
After restarting the services on SSO configured Repository and AEN, if you access AEN url it will redirect to Repository url. After logging into Repository, you can no longer get back to AEN url, all pages on it will redirect to Repository url.
You will see the following error in server.log:
DEBUG: bad cookie signature
Cause
Repository creates a session cookie and AEN reads that session cookie to validate the login using a shared key system. AEN cannot validate the new cookie using its existing shared key and causing attempts to load the AEN page to redirect back to Repo when SSO is enabled.
Solution
1. Upgrade your Repository to version 2.33.17 or above which has a fix for this issue.
Repository versions 2.33.17 and above has whitelist feature added through the NEXT_URL_WHITELIST and NEXT_URL_WHITELIST_REGEXP config settings that would allow clients to mark external hostnames as safe.
2. Or add the following in config file, /home/anaconda-server/repo/etc/anaconda-server :
USE_SERVER_BASED_SESSIONS: false
It will allow SSO between AEN and Repository and you will be able to redirect back to AEN after login.
NOTE: This setting may affect the network security properties of AEN and Repository.