Infinite loop in the sign in page

dotnet

#1

The issue is that when logging in, the sign-in page keeps refreshing and calling Okta. It looks like the app is in an infinite loop. The attachment shows the issue. Could anyone please solve this issue for me? It is kind of urgent.

My web app is a .NET Core 2 web app.

This part is my configuration in Configuration services:

    services.AddAuthentication(sharedOptions =>
    {
        sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie(options => { options.Cookie.SameSite = SameSiteMode.Lax; })
    .AddOpenIdConnect(options =>
    {
        // Configuration pulled from appsettings.json by default:
        options.ClientId = Configuration["okta:ClientId"];
        options.ClientSecret = Configuration["okta:ClientSecret"];
        options.Authority = Configuration["okta:Authority"];
        options.CallbackPath = "/Account/Login";
        //options.ResponseType = "code";
        options.SaveTokens = true;
        options.UseTokenLifetime = false;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.Scope.Add("openid");
        options.Scope.Add("profile");
        options.TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = "name"
        };
    });

Login action:

    public IActionResult Login()
    {
        if (!HttpContext.User.Identity.IsAuthenticated)
        {
            return Challenge(OpenIdConnectDefaults.AuthenticationScheme);
        }
        return RedirectToAction("Index", "Home");
    }

Configure method in startup:

    app.UseSession();
    loggerFactory.AddConsole(this.Configuration.GetSection("Logging"));
    loggerFactory.AddDebug();
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
        app.UseBrowserLink();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
    }
    app.UseAuthentication();
    app.Use(async (context, next) =>
    {
        if (string.Equals(context.Request.Host.Host.ToString(), "localhost", StringComparison.InvariantCultureIgnoreCase))
        {
            await next.Invoke();
        }
        else
        {
            context.Request.Scheme = "https";
            await next.Invoke();
        }
    });

    //app.UseForwardedHeaders(new ForwardedHeadersOptions
    //{
    //    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
    //});
    app.UseStaticFiles();
    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "ItemPerformance/{controller=Account}/{action=Login}/{id?}");
        routes.MapRoute(
            name: "default1",
            template: "{controller=Home}/{action=Index}/{id?}");
    });


#2

If this is urgent, please reach out to developers@okta.com; they can give you an actual SLA. The dev forum does not have an SLA on response times.

@lee.brandt or @nate.barbettini have any thoughts here?


#3

I am not quite sure if I configured Okta in a wrong way. Probably it is because of my code?


#4

I’m a total newb with .NET so I’m not the right person to help.

If you catch the call to the authorize route and the redirect callback, what do they look like from the browser?

The redirect callback may be in error, which is causing your code to redirect back to login?

Just trying to help you troubleshoot.


#5

https://thewarehousegroup.okta.com/oauth2/v1/authorize?client_id=0oamyfrq9OaWQT4vP2p6&redirect_uri=https%3A%2F%2Fmerch.twg.co.nz%2FItemPerformance%2FAccount%2FLogin&response_type=code&scope=openid%20profile&response_mode=form_post&nonce=636537168884546228.NzkyMmMxNGQtNjNhNC00MWRiLWJmODctY2FjZTk0YTk2ZTRkZGY3NDRhOGMtODlmMC00NDk3LWJlYWQtMGRiYzQyODBhMWU4&state=CfDJ8MMUhKmgzx9GiCONvsSveFgYPFsJT_xoOc16BTeP8qpueCGu9-yzSwBJPs2ZHNcplJ5v5IxfTxbWxEZsi1YScpzSkBT0h0i-YXy8ZlfD8nQqUQk9MSvIU5Aae2CLuZoRjzdbvVZtwxEzMkMp0OYCGfs2w1X377w7ODaRveLJskMRZRG5cdAAxJxICRf4y_k5go0b8ZMux0VgFBislmv7iKdXswO6lR_rsKVsXred3sbq1KNz0HAq3GGoR9_RBTF18RtcvCHhQ0hC8OAah1hDRmwS3JfqTwo4UKGSao5ret7xqcz81M9gx4JIT4-dL1yaSFiW9RUJ2jSQRp9ZzsUbhRtgkl3M9PZgXcXMJFXrwAel&x-client-SKU=ID_NET&x-client-ver=2.1.4.0

This is the URL. The page stays on the sign-in page and keeps refreshing over and over again.


#6

The problem is solved. :joy:


#7

Thanks for the update - what was the issue? Just in case someone else runs into the same problem.


#8

Actually, it is not a problem with Okta. It is just a URL issue. Our app is running in AWS Docker. So after authentication, the method could not find the correct URL to redirect to, which causes the infinite loop. URLs are always an annoying thing to deal with for a web app. :joy::sweat_smile:
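
Added example, not code from the thread: the poster does not say what was changed, so this is only one common way to make an ASP.NET Core 2 app behind a TLS-terminating proxy or container front end build correct redirect URLs, plus a log line for comparing the URL the app sees with the `redirect_uri` in the authorize request. It assumes the proxy sets `X-Forwarded-Proto`; the proxy address `10.0.0.10` and the logger name `EffectiveUrl` are placeholders.

```csharp
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            // Take the client IP and the original scheme (https) from the proxy.
            options.ForwardedHeaders =
                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

            // Accept these headers only from the proxy itself, so a client cannot
            // set X-Forwarded-* on its own. 10.0.0.10 is a placeholder address.
            options.KnownNetworks.Clear();
            options.KnownProxies.Clear();
            options.KnownProxies.Add(IPAddress.Parse("10.0.0.10"));
        });

        // AddAuthentication / AddCookie / AddOpenIdConnect go here, as in post #1.
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory)
    {
        // Must run before UseAuthentication: the OpenID Connect handler builds
        // redirect_uri from Request.Scheme, Host and PathBase.
        app.UseForwardedHeaders();

        // Diagnostic: log the URL the app believes it is served from, to compare
        // with the redirect_uri sent to the identity provider and the one
        // registered there.
        var log = loggerFactory.CreateLogger("EffectiveUrl");
        app.Use(async (context, next) =>
        {
            log.LogInformation("Effective URL: {Scheme}://{Host}{PathBase}{Path}",
                context.Request.Scheme, context.Request.Host,
                context.Request.PathBase, context.Request.Path);
            await next();
        });

        app.UseAuthentication();
        app.UseMvcWithDefaultRoute();
    }
}
```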