knieper
commented
8 years ago Was connected to the securelogin module (disabling this module allowed roles to be saved even if cosgin was enabled).
Noted that the securelogin settings were set using www.crlt.umich.edu and the setting for 'non-https' url was still using https. Looks like the ssl cert uses crlt.umich.edu. So set urls in securelogin settings to use http://crlt.umich.edu and https://crlt.umich.edu and changed settings.php base url to match. Cookie domain was already set to crlt.umich.edu. Drupal roles now save.
It's caused by cosign/securelogin module. Determine if there's a fix or if it must be added as a functionality to the client manager functionality.