Okta hosted Widget works locally but not in other environments

We have set up hosted widget in our Asp.net MVC .net framework 4.8 application as following:

        public ActionResult Login()
        {
            if (!HttpContext.User.Identity.IsAuthenticated)
            {
                HttpContext.GetOwinContext().Authentication.Challenge(
                    OktaDefaults.MvcAuthenticationType);
                return new HttpUnauthorizedResult();
            }

            return RedirectToAction("Index", "Home");
        }

our startup.cs looks like this:

public void Configuration(IAppBuilder app)
{
	var oktaOn = true;
	if (!oktaOn) { return; }
	AntiForgeryConfig.UniqueClaimTypeIdentifier = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier";
	app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

	app.UseCookieAuthentication(new CookieAuthenticationOptions {
		CookieSameSite = SameSiteMode.None,
		CookieSecure = CookieSecureOption.Always,
		AuthenticationType = "Cookies",
		AuthenticationMode = AuthenticationMode.Active,
    });

	app.UseOktaMvc(new OktaMvcOptions()
	{
		OktaDomain = ConfigurationManager.AppSettings["okta:OktaDomain"],
		ClientId = ConfigurationManager.AppSettings["okta:ClientId"],
		ClientSecret = ConfigurationManager.AppSettings["okta:ClientSecret"],
		AuthorizationServerId = ConfigurationManager.AppSettings["okta:AuthorizationServerId"],
		RedirectUri = ConfigurationManager.AppSettings["okta:RedirectUri"],
		PostLogoutRedirectUri = ConfigurationManager.AppSettings["okta:PostLogoutRedirectUri"],
		GetClaimsFromUserInfoEndpoint = true,
		Scope = new List<string> { "openid", "profile", "email" },
		ClockSkew = TimeSpan.FromMinutes(6.0) // increase clockskew for drifting computer time
	});
}

Everything is working locally. We log in using Okta hosted widget but once we publish to other environment it stops working.

We seem to get stuck when authentication occurs and app is trying to go to Home/Index

https://xxxlogin.company.com/login/token/redirect?stateToken=02.id.gxc7CPUy5yXUAOg1bdM8r7JNjfkMU_ThAs3I4_qt

It just spins at the above URL for 15 minutes then we se the following message

The requested URL was rejected. Please consult with your administrator.

Your support ID is: 5188020406062XXXXXX

[[Go Back]]

Please help

Hey there,

Thank you for writing to Okta Devforum. My name is Akash, from Okta.

With regards to the issue that you are facing, I would like to get some additional context on the same. Could you please elaborate more on the environment in which the Widget is hosted? In addition to that, please let me know whether any of these environment using any Firewall, Network restrictions or VPN.

The requested URL was rejected. Please consult with your administrator.

Your support ID is: 5188020406062XXXXXX

Looks like the error message is produced from your environment. To find the exact reason for the issue, I would like to request you to fetch the logs that was generated from Okta. This will help us understand the exact issue by referring to the error message that was produced by Okta.

Let me know if you have any queries or concerns.