Access denied when I enable single org setting


We’ve set up Grist:

  1. as a self-managed instance (Docker)
  2. with SAML enabled (Keycloak)
  3. with a Redis session store (initially it was file-based; the problem was the same)

When we try to enable the environment variable GRIST_SINGLE_ORG=*** and then log in using the IdP, the page says that access is denied, with a button to “add account” (clicking on it does not do anything).

On the other hand, the logs show an error, and I’m not sure what the cause is: error: ScopedSession[***]: Error updating sessionStore: Error: failed to load session

I am not sure what we are doing wrong, but we would like to have a self-managed Grist deployment with SAML and single organization enabled, which from this perspective does not work, and we’re not sure why.