Infinite loop in the sign in page

dotnet

#1

The issue is that when it is logging in, the sign-in page keeps refreshing and calling Okta. It looks like the app is in an infinite loop. The attachment shows the issue. Could anyone please solve this issue for me? It is kind of urgent.

My web app is a .NET Core 2 web app.

This part is my configuration in ConfigureServices:

    services.AddAuthentication(sharedOptions =>
    {
        sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie(options => { options.Cookie.SameSite = SameSiteMode.Lax; })
    .AddOpenIdConnect(options =>
    {
        // Configuration pulled from appsettings.json by default:
        options.ClientId = Configuration["okta:ClientId"];
        options.ClientSecret = Configuration["okta:ClientSecret"];
        options.Authority = Configuration["okta:Authority"];
        options.CallbackPath = "/Account/Login";
        //options.ResponseType = "code";
        options.SaveTokens = true;
        options.UseTokenLifetime = false;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.Scope.Add("openid");
        options.Scope.Add("profile");
        options.TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = "name"
        };
    });

Login action:

    public IActionResult Login()
    {
        if (!HttpContext.User.Identity.IsAuthenticated)
        {
            return Challenge(OpenIdConnectDefaults.AuthenticationScheme);
        }
        return RedirectToAction("Index", "Home");
    }

Configure method in startup:

    app.UseSession();
    loggerFactory.AddConsole(this.Configuration.GetSection("Logging"));
    loggerFactory.AddDebug();
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
        app.UseBrowserLink();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
    }
    app.UseAuthentication();
    app.Use(async (context, next) =>
    {
        if (string.Equals(context.Request.Host.Host.ToString(), "localhost", StringComparison.InvariantCultureIgnoreCase))
        {
            await next.Invoke();
        }
        else
        {
            context.Request.Scheme = "https";
            await next.Invoke();
        }
    });

    //app.UseForwardedHeaders(new ForwardedHeadersOptions
    //{
    //    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
    //});
    app.UseStaticFiles();
    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "ItemPerformance/{controller=Account}/{action=Login}/{id?}");
        routes.MapRoute(
            name: "default1",
            template: "{controller=Home}/{action=Index}/{id?}");
    });


#2

If this is urgent, please reach out to developers@okta.com; they can give you an actual SLA. The dev forum does not have an SLA on response times.

@lee.brandt or @nate.barbettini have any thoughts here?


#3

I am not quite sure if I configured Okta in a wrong way? Probably it is because of my code?


#4

I’m a total newb with .NET so I’m not the right person to help.

If you catch the call to the authorize route and the redirect callback, what do they look like from the browser?

The redirect callback may be in error that is causing your code to redirect back to login?

Just trying to help you troubleshoot.


#5

https://thewarehousegroup.okta.com/oauth2/v1/authorize?client_id=0oamyfrq9OaWQT4vP2p6&redirect_uri=https%3A%2F%2Fmerch.twg.co.nz%2FItemPerformance%2FAccount%2FLogin&response_type=code&scope=openid%20profile&response_mode=form_post&nonce=636537168884546228.NzkyMmMxNGQtNjNhNC00MWRiLWJmODctY2FjZTk0YTk2ZTRkZGY3NDRhOGMtODlmMC00NDk3LWJlYWQtMGRiYzQyODBhMWU4&state=CfDJ8MMUhKmgzx9GiCONvsSveFgYPFsJT_xoOc16BTeP8qpueCGu9-yzSwBJPs2ZHNcplJ5v5IxfTxbWxEZsi1YScpzSkBT0h0i-YXy8ZlfD8nQqUQk9MSvIU5Aae2CLuZoRjzdbvVZtwxEzMkMp0OYCGfs2w1X377w7ODaRveLJskMRZRG5cdAAxJxICRf4y_k5go0b8ZMux0VgFBislmv7iKdXswO6lR_rsKVsXred3sbq1KNz0HAq3GGoR9_RBTF18RtcvCHhQ0hC8OAah1hDRmwS3JfqTwo4UKGSao5ret7xqcz81M9gx4JIT4-dL1yaSFiW9RUJ2jSQRp9ZzsUbhRtgkl3M9PZgXcXMJFXrwAel&x-client-SKU=ID_NET&x-client-ver=2.1.4.0

This is the URL. The page stays on the sign-in page and keeps refreshing over and over again.


#6

The problem is solved. :joy:


#7

Thanks for the update - what was the issue? Just in case someone else runs into the same problem.


#8

Actually, it is not a problem with Okta. It is just a URL issue. Our app is running in AWS Docker. So after authentication, the method could not find the correct URL to redirect to, which causes the infinite loop. URLs are always an annoying thing to deal with for a web app. :joy::sweat_smile:
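
One way to let an app behind a proxy see its own public URL is the forwarded-headers middleware that the first post left commented out, registered ahead of `UseAuthentication` and limited to a trusted network. This is an added example, not code from the thread, and the thread does not say what the poster actually changed; it assumes a TLS-terminating load balancer that sets `X-Forwarded-Proto`, and the extension name `UseProxyAwareAuthentication` and the subnet `10.0.0.0/16` are hypothetical placeholders.

```csharp
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;

public static class ProxyAwareAuthExtensions
{
    // Hypothetical helper: call it at the top of Startup.Configure,
    // in place of a bare app.UseAuthentication().
    public static IApplicationBuilder UseProxyAwareAuthentication(
        this IApplicationBuilder app)
    {
        var forwarded = new ForwardedHeadersOptions
        {
            // Take the client IP and the original scheme from the proxy.
            ForwardedHeaders = ForwardedHeaders.XForwardedFor
                             | ForwardedHeaders.XForwardedProto,
            // Accept one proxy hop only; further entries are ignored.
            ForwardLimit = 1
        };

        // Only honour the headers when the request comes from the proxy's
        // network. 10.0.0.0/16 is a constructed placeholder; use the subnet
        // the load balancer actually lives in. Without this restriction any
        // client could set X-Forwarded-Proto and X-Forwarded-For itself.
        forwarded.KnownNetworks.Add(
            new Microsoft.AspNetCore.HttpOverrides.IPNetwork(
                IPAddress.Parse("10.0.0.0"), 16));

        // Order matters: the OpenID Connect handler does its work inside
        // UseAuthentication (it handles the callback request there and
        // builds redirect URIs from Request.Scheme, Request.Host and
        // PathBase). Anything that corrects the scheme has to run first;
        // middleware registered after UseAuthentication is too late for
        // the callback.
        app.UseForwardedHeaders(forwarded);
        app.UseAuthentication();
        return app;
    }
}
```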


#9

Hello, can someone help me with the looping issue? I integrated the VictorOps application with Okta, but users are not able to log in as it is always showing a looping screen. I tried this in the Okta sandbox, but all was fine with it and users could log in. One thing to mention here is that in the Okta sandbox, users were created manually, and in production they are AD integrated. Can you please suggest… thank you!