Google SSO Login Failure - Redirect Hangs After Google Authentication

Pritunl Pritunl VPN
1

Hello,

I am experiencing an intermittent issue with Google SSO login that began yesterday (August 7, 2025). Users authenticate successfully with Google, but the process hangs or fails to complete the final redirect back to my Pritunl server.

Specifically, after successful Google authentication, the user’s browser briefly attempts to redirect, but the process stalls. When this occurs, I observe an HTTP 500 (Internal Server Error) response on my Pritunl server’s callback URL: https://My-domain/key/callback. This indicates that while Google authenticates the user, my Pritunl server is failing to process the final callback request, leading to the login hanging and the authentication process not completing for the user.

Error log:

[2025-08-08 08:11:26,467][ERROR] Exception on /key/callback [GET]
Traceback (most recent call last):
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/flask/app.py", line 2190, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/flask/app.py", line 1486, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/flask/app.py", line 1484, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/flask/app.py", line 1469, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/pritunl/auth/app.py", line 26, in _wrapped
    return call(*args, **kwargs)
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/pritunl/handlers/key.py", line 2570, in key_callback_get
    valid, google_groups = sso.verify_google(username)
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/pritunl/sso/google.py", line 39, in verify_google
    data = service.users().get(userKey=user_email).execute()
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/googleapiclient/_helpers.py", line 130, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/googleapiclient/http.py", line 923, in execute
    resp, content = _retry_request(
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/googleapiclient/http.py", line 222, in _retry_request
    raise exception
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/googleapiclient/http.py", line 191, in _retry_request
    resp, content = http.request(uri, method, *args, **kwargs)
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/google_auth_httplib2.py", line 218, in request
    response, content = self.http.request(
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/httplib2/__init__.py", line 1720, in request
    (response, content) = self._request(
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/httplib2/__init__.py", line 1440, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "/usr/lib/pritunl/usr/lib/python3.9/site-packages/httplib2/__init__.py", line 1392, in _conn_request
    response = conn.getresponse()
  File "/usr/lib/pritunl/usr/lib/python3.9/http/client.py", line 1377, in getresponse
    response.begin()
  File "/usr/lib/pritunl/usr/lib/python3.9/http/client.py", line 320, in begin
    version, status, reason = self._read_status()
  File "/usr/lib/pritunl/usr/lib/python3.9/http/client.py", line 281, in _read_status
    line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
  File "/usr/lib/pritunl/usr/lib/python3.9/socket.py", line 716, in readinto
    return self._sock.recv_into(b)
  File "/usr/lib/pritunl/usr/lib/python3.9/ssl.py", line 1275, in recv_into
    return self.read(nbytes, buffer)
  File "/usr/lib/pritunl/usr/lib/python3.9/ssl.py", line 1133, in read
    return self._sslobj.read(len, buffer)
socket.timeout: The read operation timed out

/etc/hosts setup from this incident Pritunl Zero Crash auth: Google request failed - #14 by zach

129.80.151.180 app.pritunl.com
129.80.151.180 auth.pritunl.com

Hypothesis: Based on the browser behavior and the fact that a direct API call to Google from my server works, I suspect there is a communication or redirect issue with the intermediary service at auth.pritunl.com. The service seems to be receiving the authentication response from Google but failing to redirect it to my Pritunl server’s final callback URL.

Any guidance or assistance on how to resolve this would be greatly appreciated. I am happy to provide more specific configuration details if needed.

Thank you.

2

There appears to be a network outage in the South Asia region affecting connectivity to the Google Workspace API. This is similar to an outage that occurred a few weeks ago in South Asia that impacted connectivity to the Pritunl subscription servers. These are regional issues with internet infrastructure in the South Asia region. I don’t have any further information on this, these appear to be related to government internet shutdowns occurring in the region that cause routing instability.

This is a connection issue with the Google Workspace API not the app.pritunl.com servers.

3

An update has been released Pritunl v1.32.4349.59 that will implement rate limiting and remove redundant usage of the Google Workspace API. This should fix issues with active connections dropping but new connection requests need the API validation. If the API issues continue it may take multiple connection attempts for a user to connect. If set commands were used to disable single sign-on checks temporarily, run the commands below after updating to revert the single sign-on skip options to the default values. These commands can be run even if no changes were made to verify the values have the correct default configuration.

sudo pritunl unset app.sso_connection_check
sudo pritunl unset user.skip_remote_sso_check
1 Like