Authentication Issue: Infinite Redirect Loop After Removing Keycloak SAML IDP Binding
Issue Description
We’ve encountered a serious authentication problem with Cursor after making changes to our SSO configuration. After setting up Keycloak and completing domain verification, we decided to remove the Keycloak SAML IDP binding, which has resulted in all users with our company email domain being unable to log in to Cursor. When attempting to log in, users experience an infinite redirect loop.
Background
We initially set up SSO with the following configuration:
- Keycloak as our identity provider
- Domain verification for our company email addresses
- SAML IDP binding for authentication
Reasons for Removing SSO Binding
We removed the SSO binding for two primary reasons:
- Limited Authorization: Not everyone in our company is authorized to use Cursor. We only purchased commercial licenses for our small team, but after setting up domain verification and SSO, Cursor automatically granted commercial access to all email addresses under our domain.
- Pro Version Users: Some of our colleagues were already using the non-commercial Pro version and preferred to continue using their Pro licenses until they expired before switching to the commercial version.
Current Problem
After removing the SAML IDP binding to address these issues, we’re now facing a complete authentication failure. All users with our company email domain are stuck in an infinite redirect loop when trying to log in to Cursor.
Questions
- Is there a way to restore login access for our domain users without forcing everyone onto the commercial version?
- Can we configure SSO to only apply to specific email addresses within our domain rather than the entire domain?
- Is there a specific process for safely removing SSO integration without breaking authentication?
Any assistance or guidance would be greatly appreciated. This issue is currently preventing our authorized users from accessing Cursor.