[FYI] Upgrading from v8 -> v10 Broke Okta SAML

[dvfeinblum-betterment]

Hey folks; this isn't really an issue that needs to be fixed, per se, but I wanted to share an experience we had recently going from v8 to v10. Post upgrade, I was able to log in and do all the things, as could most of our users. However, after the weekend, the majority of our users could no longer log in, seeing the infamous-in-your-help-forums "blank login screen."

After much confusion, we finally realized that the issue was that SAML had somehow been disabled at some point during the upgrade. I still don't fully understand how this happened. The other issue we had is that, while the docs state that the audience URI should match the Single Sign On, Recipient, and Destination URLs, redash was throwing AudienceRestriction errors when we had all of those URLs identical. I had to figure out the value we'd had this set to previous in order to fix the problem.

Anywho, I hope any or all of this is helpful to y'all. If nothing here is of value, feel free to just close this issue. I'm also happy to provide more info if y'all have questions.

Aside from this, the upgrade was incredibly helpful and your docs were great, btw 👍

[dvfeinblum-betterment]

Also just to be clear for any non-maintainers reading this, if you're getting the blank login screen of death, make sure that you've actually got SAML turned on @ https://{redash url}/settings/general (again this somehow got turned off when we upgraded)

If this is disabled, you won't get the helpful error log(s) I mentioned above.