Troubleshooting SSO integration with Sisense and auth0-linux
This article provides a comprehensive guide to resolving issues during Single Sign-On (SSO) integration with Sisense using OpenID Connect and Auth0. It addresses common problems such as unexpected redirection to login screens and infinite login loops.
Step-by-Step Setup & Validation
Step 1: Review Sisense SSO Configuration
In the Sisense Admin UI, navigate to Admin > Security > SSO, choose OpenID Connect, and fill out each field as shown below. Double-check that all values are entered exactly as provided in Auth0.
|
Sisense Field |
What to Enter |
Where to Find in Auth0 |
|
Scope |
openid email profile |
[Docs or app config] |
|
Client ID |
Your Auth0 Application’s Client ID |
App > Settings |
|
Client Secret |
Your Auth0 Application’s Client Secret |
App > Settings |
|
Issuer |
https://your-auth0-domain.auth0.com/ (with trailing slash) |
App > Domain/Settings |
|
Authorization URL |
Auth0 docs | |
|
Token URL |
Auth0 docs | |
|
User Info URL |
Auth0 docs |
Step 2: Configure Auth0 as the Identity Provider
- In Auth0 Dashboard > Applications > Your App > Settings:
Allowed Callback URLs:
Add all Sisense and embed application callback/redirect URLs.
https://sisense.company.com/auth/callback
https://app.company.com/callback Allowed Web Origins:
Include all domains running OIDC checks or hosting Sisense embeds.
https://sisense.company.com
https://app.company.com Allowed Logout URLs:
Add URLs for post-logout redirection.
Double-check Client ID, Client Secret, and Domain for use in Sisense setup.
Step 3: Configure Cookie and Session Settings for Embedding
- In Sisense, under Admin > Security > General, set Support Cross-Site Cookies for Embedding to None (unless your security policy requires otherwise).
- If embedding Sisense content, ensure cookies are set with SameSite=None; Secure and all access is over HTTPS.
- Always test in a private/incognito browser window to avoid cached sessions/cookies.
SSO Debugging & Troubleshooting Checklist
Basic Verification
- All Sisense SSO fields are filled out and match Auth0 exactly.
- Callback URLs, Web Origins, and Logout URLs in Auth0 include all needed Sisense and embed domains.
Testing SSO Login
- Attempt SSO login in an incognito/private window.
- Confirm you are redirected to Auth0 and then back to Sisense.
- Confirm you are logged in as the correct user.
If Login Fails or Loops
- Open Chrome DevTools > Network. Attempt login and observe any failed requests or redirects.
- Capture error messages from the browser UI, console, or HTTP responses.
- Review Sisense logs (/var/log/sisense/ on Linux if on-prem
- Check Auth0 logs for failed authentication or misconfiguration.
Common Issues & Error Interpretation
|
Error Message |
Likely Cause |
Resolution |
|
invalid_client |
Client ID or Secret mismatch |
Double-check both in Sisense/Auth0 |
|
invalid_request |
Callback URL mismatch or missing scope |
Ensure URLs/scopes are correct |
|
unauthorized / 401 |
Token exchange failed or cookies not set |
Check Secret, Token URL, cookies |
|
Redirect loop |
Cookie/session or SameSite/Secure misconfiguration |
Adjust cookie settings, use HTTPS |
What to Capture for Support
- Screenshot of your Sisense SSO config (mask Client Secret!)
- Full error messages from UI, browser console, or HTTP responses
- HAR file of a failed login session (DevTools > Network > Export HAR)
Relevant Sisense and Auth0 log entries
Conclusion
By carefully following these steps and validating every field and configuration, most SSO integration issues with Sisense and Auth0 can be resolved quickly. If issues persist, gather the items above and share them in your support case for faster resolution.
References/ Related Content
- Sisense Security Settings
- Configuring Sisense for SSO
- Compose SDK GitHub Repository
- Auth0 Configuration Guide
- Troubleshooting SSO using OIDC
Disclaimer: This post outlines a potential custom workaround for a specific use case or provides instructions regarding a particular task. The solution may not work in all scenarios or Sisense versions, so we strongly recommend testing it in your environment before deployment. If you need further assistance with this, please let us know.
