Hello Okta team,
I am reporting a bug that I observed: a 414 error on a simple SAML/SSO setup with SMS MFA enabled.
Steps to reproduce:
1. Bring up my web application.
2. Redirect to the Okta login page.
3. Enter correct credentials, which brings up the SMS verification page.
4. Click on Send Code.
5. Wait long enough (5+ minutes), then enter the received SMS code.
6. It returns to the login page (step 2) with the message "Your session has expired, please try to sign-in again".
7. Repeat steps 3 and 4.
8. Enter the correct SMS code (without waiting).
9. Get the error page "414 Request-URI Too Large".
In step 9, SAML-tracker shows that sessionCookieRedirect is a GET request (which is known to be unable to carry a large request). I believe it should be using the POST method. In the normal flow, in which after steps 1-4 I enter the correct SMS code without waiting long, SAML-tracker shows the sessionCookieRedirect call as a POST request and authentication gets through (with a POST to saml/SSO back to my application).
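To illustrate why a GET-based hop hits the request-line limit while a POST-based one does not, here is an added example (not Okta's code and not part of the report above) that builds the SAML HTTP-Redirect binding (DEFLATE + base64 in the query string) next to the HTTP-POST binding (base64 in form fields) for a constructed sample request, and checks the resulting URL against Apache's default LimitRequestLine of 8190 bytes, which is assumed here as a representative server limit.

```python
import base64
import zlib
from urllib.parse import urlencode

# Representative request-line cap; Apache's default LimitRequestLine is 8190 bytes.
# Other servers and proxies differ, so treat this as an assumed illustrative value.
URI_LIMIT = 8190

# Constructed sample values: a minimal AuthnRequest and two RelayState payloads.
IDP_SSO_URL = "https://idp.example.com/sso/saml"
SAML_REQUEST_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed-id-1" Version="2.0" '
    'AssertionConsumerServiceURL="https://app.example.com/saml/SSO"/>'
)
SMALL_RELAY_STATE = "https://app.example.com/landing"
LARGE_RELAY_STATE = "x" * 9000  # opaque state blob large enough to overflow the request line


def redirect_binding_url(idp_sso_url, saml_request_xml, relay_state):
    """HTTP-Redirect binding: raw DEFLATE, base64, then URL-encode into the query string.
    Everything travels on the request line, so its length is bounded by URI_LIMIT."""
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 => raw DEFLATE, no zlib header
    deflated = compressor.compress(saml_request_xml.encode()) + compressor.flush()
    encoded = base64.b64encode(deflated).decode()
    query = urlencode({"SAMLRequest": encoded, "RelayState": relay_state})
    return f"{idp_sso_url}?{query}"


def post_binding(idp_sso_url, saml_request_xml, relay_state):
    """HTTP-POST binding: base64 (no DEFLATE) carried in form fields of the body.
    Returns (url, form_fields); only the short url is subject to the request-line cap."""
    encoded = base64.b64encode(saml_request_xml.encode()).decode()
    return idp_sso_url, {"SAMLRequest": encoded, "RelayState": relay_state}


def exceeds_uri_limit(url, limit=URI_LIMIT):
    """True when a server enforcing `limit` would answer 414 Request-URI Too Large."""
    return len(url) > limit


if __name__ == "__main__":
    for label, state in (("small", SMALL_RELAY_STATE), ("large", LARGE_RELAY_STATE)):
        get_url = redirect_binding_url(IDP_SSO_URL, SAML_REQUEST_XML, state)
        post_url, _ = post_binding(IDP_SSO_URL, SAML_REQUEST_XML, state)
        print(f"{label} state: GET url {len(get_url)} bytes, 414={exceeds_uri_limit(get_url)}; "
              f"POST url {len(post_url)} bytes, 414={exceeds_uri_limit(post_url)}")
```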