GetExternalLoginInfoAsync returns null

I’m currently trying to get Okta to work with our MVC based application. Unfortunatly I am not the original designer or author of original code. However after some digging I have found that my predecessors work was based on the sustainsys example app “SampleOwinApplication” and this certainly seems to provided the functionality that we require. So I have based my query on this sample that can be obtained from

If I configure the application to use the sustainsys stub authentication provider and using Chrome with a plugin to view SAML tokens. I can see the SAML token come back and is presented to the call back as expected:

public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
  var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();

and when it runs loginInfo gets filed in and all works as expected.

However when I change to configuration to use my Okta app, I get redirected to log in to Okta (as expected) and I can see successful authentication and a SAML token comes back to my application (as seen in the Chrome plugin). However the above consumer for the callback ends up with a null value in loginInfo.

Further digging into the issue shows that in the Statup.Auth.cs there is the following code:

  // Enable the application to use a cookie to store information for the signed in user
  // and to use a cookie to temporarily store information about a user logging in with a third party login provider
  // Configure the sign in cookie
  app.UseCookieAuthentication(new CookieAuthenticationOptions
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    Provider = new CookieAuthenticationProvider
      // Enables the application to validate the security stamp when the user logs in.
      // This is a security feature which is used when you change a password or add an external login to your account.  
      OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
        validateInterval: TimeSpan.FromMinutes(30),
        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))

and then the Saml2 authentication is added


So it looks like cookie authentication is being used rather than saml2. If I check for cookies from the sustainsys site I can see them added to the browser and authentication works as expected. However, if I use Okta for authentication, no such cookies get set and the authentication fails.

Removing all the cookie authentication references results in:
A default value for SignInAsAuthenticationType was not found in IAppBuilder Properties. This can happen if your authentication middleware are added in the wrong order, or if one is missing.

So clearly this is required, shifting the call to app.UseSaml2Authentication(CreateSaml2Options()); before app.UseCookieAuthentication in the vain hope of it changing the priority and therefore picking up the SAML token fails and whilst the code runs authentication and the call to AuthenticationManager.GetExternalLoginInfoAsync, always results in a null value being returned regardless of the authentication provider.

So I either need to completely remove the cookie authentication so it is forced to use the saml packet, get Okta to set the necessary cookies or be able to parse the saml 2 token independently rather than relying on AuthenticationManager.GetExternalLoginInfoAsync to do the work.

Any clues/advice is appreciated