Using OpenID Connect for login, a user:
- visits one of our sites
- clicks to log in
- is redirected to gluu
- logs in successfully
- is redirected to the original site
- original site processes user's token and initializes the user's session
Upon returning to the original site the user is asked to log in again. No error messages are displayed.
This only seems to affect users on satellite-based Internet connection, and only when attempting to log in to sites running on a particular system. So far we have been unable to reproduce the issue (i.e. by using network conditioning) and we do not have access to a satellite-based Internet connection.
The sites affected by the bug are maintained by a third party. I'm inquiring about getting any information (e.g. logs) related to the failed login attempt.
Could the problem be caused by some kind of timing issue? Are there any settings we could tweak to see if they resolve the problem for our users?