When attempting to authenticate with Okta oneID in Pre-Prod, it neither loads nor redirects to the application’s home page.
The URL that the application accesses is:
Apache logs:
[php:error] […] PHP Fatal error: Uncaught Exception: authorization server returned an error: **access_denied** in /appl/www/RMS_DEV/releases/17/index.acesso.php:153
Line 153 contains this code snippet:
```php
// Abort the flow when the authorization server returns an OAuth error parameter.
if (!empty($_GET['error'])) {
    throw new Exception("authorization server returned an error: ".$_GET['error']);
}
```
The IdP responded with `error=access_denied` and `error_description=User is not assigned to the client application.`; this comes directly from Okta and is the root cause.
After that, the application throws "state does not match" and "variable not initialized" warnings because the OAuth flow was interrupted.
The problem was found; we had a load balancer change, and the proxy didn’t come up. The network team fixed it, and I was able to authenticate with Okta oneID in the application.
After trying everything, I didn’t know I needed the proxy to authenticate with Okta oneID.
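A callback handler for the error response discussed in this thread, as an added example that is not part of the original posts and not the application's own code. It checks `state` before anything else, accepts only the RFC 6749 error codes, and sanitizes `error_description` before it is logged. `handleCallback()` and the sample values are assumptions.

```php
<?php
// Added example. handleCallback() is a hypothetical helper; sample input is constructed.
// Error codes from RFC 6749 section 4.1.2.1 (OpenID Connect defines additional ones).
const KNOWN_ERRORS = [
    'invalid_request', 'unauthorized_client', 'access_denied',
    'unsupported_response_type', 'invalid_scope', 'server_error',
    'temporarily_unavailable',
];

function handleCallback(array $query, ?string $expectedState): array
{
    // 1. Check state first, so a forged callback cannot drive any later branch.
    $state = $query['state'] ?? '';
    if (!is_string($state) || $expectedState === null || !hash_equals($expectedState, $state)) {
        return ['status' => 'rejected', 'reason' => 'state_mismatch'];
    }
    // 2. Error response from the IdP: stop here, never continue to the token exchange.
    if (!empty($query['error'])) {
        $code = is_string($query['error']) && in_array($query['error'], KNOWN_ERRORS, true)
            ? $query['error'] : 'unknown_error';
        // error_description arrives in the URL, so treat it as untrusted text:
        // replace non-printable bytes and cap the length before logging.
        $desc = is_string($query['error_description'] ?? null) ? $query['error_description'] : '';
        $desc = substr((string) preg_replace('/[^\x20-\x7E]/', '?', $desc), 0, 200);
        return ['status' => 'idp_error', 'error' => $code, 'description' => $desc];
    }
    // 3. The success path requires an authorization code.
    if (empty($query['code']) || !is_string($query['code'])) {
        return ['status' => 'rejected', 'reason' => 'missing_code'];
    }
    return ['status' => 'ok', 'code' => $query['code']];
}

// Constructed callback carrying the same error as in the Apache log above.
$result = handleCallback([
    'state' => 'abc123',
    'error' => 'access_denied',
    'error_description' => 'User is not assigned to the client application.',
], 'abc123');

if ($result['status'] === 'idp_error') {
    // Log the detail server-side; show the user a fixed message, not the raw parameter.
    error_log("OAuth callback failed: {$result['error']} ({$result['description']})");
    http_response_code(403);
    echo 'Sign-in was refused by the identity provider.';
}
```

In a real application the expected state would come from the session that started the authorization request, and the handler would return before any code that assumes a token exists.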