here is a snippet of what my Suitelet is trying to do.

var userId = nlapiGetUser();
    nlapiLogExecution('DEBUG', 'user is:', userId);
    if (userId < 1) {
      var context = nlapiGetContext();
      var userAccountId = context.getCompany();

      url = '/c.' + userAccountId + '/sspapplicationname/checkout.ssp';
    } else {
      url = nlapiOutboundSSO('customsso_sso_pieslak_test');
    }

that should log your DEBUG statement no matter how it's invoked... are you using the 'internal' or the 'external' url to hit the suitelet? Using the 'external' url in your browser should result in that message being displayed, provided the code snippet above is run for an HTTP GET request

I'm using the external url, but with 1 slight difference. instead of using the "forms.netsuite.com" domain I am using "checkout.netsuite.com"

does it work with

forms

but not with

checkout

?

what I'm seeing is when I use the External Url: https://forms.netsuite.com/app/site/hosting/scriptlet.nl?script=...&deploy=1&compid=...&h=... the suitelet executes, but it cannot resolve the current user's identity, even if they are logged in to the SSP application.

use the internal url when users are logged in

when I change the domain name and us a url of: https://checkout.netsuite.com/app/site/hosting/scriptlet.nl?script=...&deploy=1&compid=...&h=... the suitelet executes correctly when I am logged in. when I am not logged in, however, I am redirected here: https://system.netsuite.com/app/login/secure/enterpriselogin.nl?c=...&whence=

it does all come down to the (login) cookie and which domains it will attach to

understood - and that makes sense. what I can't figure out is why NetSuite won't serve my Suitelet to "checkout.netsuite.com" when I'm not authenticated. Probably b/c that is my checkout domain.

sorry, you may have to change the domain dynamically based on whether the user is logged in or not?

yes - I think that approach will work. I'm using SCA instead of SiteBuilder.