How to redirect unauthenticated users to the Okta agentless Dsso page

Hello everyone,

I am in the middle of deploying our Web Application to our client with Otka sign sign on. The sign in process works as intended, the problem is when a user does not have access permissions in Okta to our application, Okta returns a null token. Chrome then takes this and redirects the browser to IIS

https://serverName/?errormessage=IDX21323:%20RequireNonce%20is%20'System.Boolean'.%20OpenIdConnectProtocolValidationContext.Nonce%20was%20null,%20OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce%20was%20not%20null.%20The%20nonce%20cannot%20be%20validated.%20If%20you%20don't%20need%20to%20check%20the%20nonce,%20set%20OpenIdConnectProtocolValidator.RequireNonce%20to%20'false'.%20Note%20if%20a%20'nonce'%20is%20found%20it%20will%20be%20evaluated.

All other Okta enabled apps with the client redirect to a standard Okta error page as below for Proofpoint Security Awareness Training and is the same for Microsoft Office 365 and several other web applications. What do I need to do to have our application respond with the same Okta error page?

OktaDssoExample998×331 62 KB

Hi Daniel! This error page is a selectable option in SAML and SWA apps under the General tab:

Screen Shot 2021-01-19 at 5.01.58 PM734×592 40.8 KB

Unfortunately this is not currently an option in Okta OIDC applications. Since Proofpoint and Office 365 are integrated with the aforementioned SSO solutions - that’s why you see these error pages for them.

I hope this answers your question!

Is their a ways to set context.ProtocolMessage.ErrorUri when using OIDC or redirect to the URL responsible for the global settings error page.