How to redirect unauthenticated users to the Okta agentless Dsso page

Daniel_Mainpac · January 15, 2021, 5:21am

Hello everyone,

I am in the middle of deploying our Web Application to our client with Otka sign sign on. The sign in process works as intended, the problem is when a user does not have access permissions in Okta to our application, Okta returns a null token. Chrome then takes this and redirects the browser to IIS

https://serverName/?errormessage=IDX21323:%20RequireNonce%20is%20'System.Boolean'.%20OpenIdConnectProtocolValidationContext.Nonce%20was%20null,%20OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce%20was%20not%20null.%20The%20nonce%20cannot%20be%20validated.%20If%20you%20don't%20need%20to%20check%20the%20nonce,%20set%20OpenIdConnectProtocolValidator.RequireNonce%20to%20'false'.%20Note%20if%20a%20'nonce'%20is%20found%20it%20will%20be%20evaluated.

All other Okta enabled apps with the client redirect to a standard Okta error page as below for Proofpoint Security Awareness Training and is the same for Microsoft Office 365 and several other web applications. What do I need to do to have our application respond with the same Okta error page?

Cale · January 19, 2021, 10:09pm

Hi Daniel! This error page is a selectable option in SAML and SWA apps under the General tab:

Unfortunately this is not currently an option in Okta OIDC applications. Since Proofpoint and Office 365 are integrated with the aforementioned SSO solutions - that’s why you see these error pages for them.

I hope this answers your question!

Daniel_Mainpac · January 20, 2021, 6:15am

Is their a ways to set context.ProtocolMessage.ErrorUri when using OIDC or redirect to the URL responsible for the global settings error page.