Add more SSO logging for failure conditions

app/controllers/session_controller.rb

@@ -43,6 +43,7 @@ class SessionController < ApplicationController
     return_path = sso.return_path
     sso.expire_nonce!
 
+    begin
       if user = sso.lookup_or_create_user
         if SiteSetting.must_approve_users? && !user.approved?
           # TODO: need an awaiting approval message here
@@ -53,6 +54,15 @@ class SessionController < ApplicationController
       else
         render text: "unable to log on user", status: 500
       end
+    rescue => e
+      details = {}
+      SingleSignOn::ACCESSORS.each do |a|
+        details[a] = sso.send(a)
+      end
+      Discourse.handle_exception(e, details)
+
+      render text: "unable to log on user contact site admin (see /logs for more info)", status: 500
+    end
   end
 
   def create