diff --git a/lib/single_sign_on.rb b/lib/single_sign_on.rb
index 2758ad65f9c..686591f51d8 100644
--- a/lib/single_sign_on.rb
+++ b/lib/single_sign_on.rb
@@ -89,7 +89,7 @@ class SingleSignOn
   end
 
   def self.provider_secret(return_sso_url)
-    provider_secrets = SiteSetting.sso_provider_secrets.split(/[\|,\n]/)
+    provider_secrets = SiteSetting.sso_provider_secrets.split(/[|\n]/)
     provider_secrets_hash = Hash[*provider_secrets]
     return_url_host = URI.parse(return_sso_url).host
     # moves wildcard domains to the end of hash
diff --git a/spec/requests/session_controller_spec.rb b/spec/requests/session_controller_spec.rb
index a6c5e69d860..3453d5f82d7 100644
--- a/spec/requests/session_controller_spec.rb
+++ b/spec/requests/session_controller_spec.rb
@@ -589,7 +589,12 @@ RSpec.describe SessionController do
         SiteSetting.enable_sso_provider = true
         SiteSetting.enable_sso = false
         SiteSetting.enable_local_logins = true
-        SiteSetting.sso_provider_secrets = "*|secretforAll\n*.rainbow|wrongSecretForOverRainbow\nwww.random.site|secretForRandomSite\nsomewhere.over.rainbow|secretForOverRainbow"
+        SiteSetting.sso_provider_secrets = [
+          "*|secret,forAll",
+          "*.rainbow|wrongSecretForOverRainbow",
+          "www.random.site|secretForRandomSite",
+          "somewhere.over.rainbow|secretForOverRainbow",
+        ].join("\n")
 
         @sso = SingleSignOn.new
         @sso.nonce = "mynonce"