The Switch User scripts in ScriptRunner can fail with various SSO providers. Known providers that have encountered problems include:
- Okta (specifically, their SAML connector)
- JASIG CAS (which also uses SAML)
Usually, this is because those providers overwrite the session variable that Switch User sets to determine the logged in user.
It may be that any fix will be specific to the implementation of the SSO provider. At the very least, we need to document this issue so that users can be aware. We do know that the Switch User scripts can work with a variety of SSO providers, so this is likely an implementation detail in your SSO setup.