I’m running Nomad behind an Apache proxy that deals with the SSO authorization, and then calls back to Nomad’s /oidc/callback. When a user logs in to the SSO, they reach Nomad but they’re not authorized yet. They still have to go to /ui/settings/tokens and click on the button to sign in with SSO, and only then do they get a token.
This is what the SSO flow looks like right now:
I don’t understand why there’s a request for /v1/acl/token/self that ends in 500 and then another one that ends in 403.
When clicking on the sign in with SSO button, I get redirected to the SSO again, and then there are another two requests to /v1/acl/token/self that fail and finally one that succeeds.
At this point, the user has a valid token.
Is there a way to skip this second step, and get a token directly after finishing the initial SSO flow? My SSO auth-method is marked as default and I’ve tried playing around with multiple different redirect URLs, but nothing seems to work.