I assume appending .persistent to the file makes it persistent and it won’t be changed by Yunohost anymore? I guess for that file it is a bit of a problem as this file is changed when users or domains are changed?
I have a similar problem with the SSO login: I cannot log in as a user on portal.example.org, but only on example.com; see also my other reply here.
I think the problem lies in one of the last lines, which read:
    "redirected_urls": {
        "moodle.example.org/": "moodle.example.org/moodle",
        "portal.example.org/": "portal.example.org/yunohost/sso"
But I am not sure why the redirect is even needed in that place.
More likely it is something else, but the similarity to the issue discussed here is that example.org is not used for web (in my case it is not even set up on the server, in contrast to the mail-only domain in the thread here). For the main domain I use another domain, example.com. (com vs. org!!)
I found that when I install some random app in a subfolder of portal.example.org/helper-app (the my_webapp in my case, but others work too) and set this app to be available to all users and with the tile visible, then the portal.example.org allows login for ordinary users.
I guess unused domains need to have some block in /etc/ssowat/conf.json to allow all users to login, but maybe Yunohost does not add that block when the domain is not used.
Maybe someone can verify this?