OKTA OpenId ASP.Net MVC app throwing 400

Hi,

I implemented OKTA OpenId in my existing ASP.NET MVC application as my client has moved to OKTA org. I used the example:

This app is now part of the client's OKTA Org, from where users click the app tile and get redirected to the home page of the ASP.NET MVC application.

Now, on clicking the OKTA org tile, the app goes into a loop of sign-in steps and after some time it throws an error:

Bad Request - Request Too Long

HTTP Error 400. The size of the request headers is too long.

My startup file has the following code in the Configuration method:

    using System.Collections.Generic;
    using System.Configuration;
    using System.Net;
    using Microsoft.Owin.Security.Cookies;
    using Okta.AspNet;
    using Owin;

    public void Configuration(IAppBuilder app)
    {
        // Allow TLS 1.0-1.2 for the server-side calls to Okta (token and userinfo endpoints).
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;

        // The Okta middleware signs users in through the cookie middleware registered here.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOktaMvc(new OktaMvcOptions()
        {
            OktaDomain = ConfigurationManager.AppSettings["okta:OktaDomain"],
            ClientId = ConfigurationManager.AppSettings["okta:ClientId"],
            ClientSecret = ConfigurationManager.AppSettings["okta:ClientSecret"],
            // Empty selects the Org authorization server instead of a custom one.
            AuthorizationServerId = string.Empty,
            RedirectUri = ConfigurationManager.AppSettings["okta:RedirectUri"],
            PostLogoutRedirectUri = ConfigurationManager.AppSettings["okta:PostLogoutRedirectUri"],
            GetClaimsFromUserInfoEndpoint = true,
            Scope = new List<string> { "openid", "profile", "email" },
        });
    }

Please help.

Hello Shipra, did you find a solution for this? We’re seeing the same thing but it’s not consistent.

Hi! Did you resolve this? We have the same issue, only with some users. For this reason, Okta support told us that it is our issue and didn't help us.

Also experiencing this intermittently. Our site is hosted across 180 sites with unique DNS entries for each site.

However, every so often a user at a specific site will encounter this, and it will happen for all users trying to access this site.

Is it user specific or site specific? Is there a lot of information about the user being stored in claims (such as group membership or profile attributes), as that can cause this sort of error?

Seems to be site specific for me: as soon as a user raises it to our support team, anyone who attempts to access the site ends up with the same issue. An IIS reset seems to help.

I use the following scopes in my request

openid email profile roles groups

Cookies are spammed into the client's browser.

I'm looking at potential fixes from my side to try to prevent this from happening, including migrating from .NET 4.7 to .NET Core as well as potentially trying to implement some of these workarounds: https://stackoverflow.com/questions/36795259/too-many-cookies-openidconnect-nonce-cause-error-page-bad-request-request-too

But the migration process is taking some time, so until I complete that I'm not able to work on attempting any workarounds yet.
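The cookie build-up described in the post above is what produces the 400: each redirect to the identity provider sets another OpenIdConnect.nonce.* cookie, and when the sign-in loop never completes, those cookies pile up until the Cookie header exceeds the HTTP.sys request-header limit and IIS rejects the request before ASP.NET ever sees it. The following OWIN middleware is an added example written for this thread; it is not code from the thread, from Okta or from Microsoft. It is registered before UseOktaMvc, counts the nonce cookies on each incoming request, and when they exceed a threshold expires them all so the next redirect starts with a single fresh nonce; it also estimates the Cookie header size so the condition can be logged. Assumptions: the cookie prefix is the one used by the Katana OpenIdConnect middleware (OpenIdConnect.nonce.), the type and member names (StaleNonceCookieCleanup, MaxNonceCookies, UseStaleNonceCookieCleanup) are hypothetical, and the callback path is derived from the okta:RedirectUri setting already used in the first post.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Diagnostics;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Owin;
using Owin;

// Added example (hypothetical names): expire stale OIDC nonce cookies before
// they grow the Cookie header past the HTTP.sys limit and cause "400 Request Too Long".
public static class StaleNonceCookieCleanup
{
    // Prefix the Katana OpenIdConnect middleware uses for its nonce cookies.
    public const string NoncePrefix = "OpenIdConnect.nonce.";

    // A legitimate login keeps one or two nonces in flight; more than this means
    // the redirect loop is accumulating cookies that will never be validated.
    public const int MaxNonceCookies = 3;

    // Returns the number of nonce cookies and an estimate of the Cookie header
    // size in bytes ("name=value; " per cookie), useful for logging before IIS rejects.
    public static int CountNonceCookies(IEnumerable<KeyValuePair<string, string>> cookies, out int approxHeaderBytes)
    {
        int count = 0;
        approxHeaderBytes = 0;
        foreach (var cookie in cookies)
        {
            approxHeaderBytes += Encoding.UTF8.GetByteCount(cookie.Key)
                               + Encoding.UTF8.GetByteCount(cookie.Value ?? string.Empty)
                               + 3; // '=' plus "; " separator
            if (cookie.Key.StartsWith(NoncePrefix, StringComparison.Ordinal))
                count++;
        }
        return count;
    }

    // Register this before app.UseOktaMvc(...). callbackPath is the path part of okta:RedirectUri.
    public static IAppBuilder UseStaleNonceCookieCleanup(this IAppBuilder app, PathString callbackPath)
    {
        return app.Use(async (IOwinContext ctx, Func<Task> next) =>
        {
            // Leave the callback request alone: the OIDC middleware must find the
            // matching nonce cookie there to validate the id_token it receives.
            if (!ctx.Request.Path.StartsWithSegments(callbackPath))
            {
                int bytes;
                int nonceCount = CountNonceCookies(ctx.Request.Cookies, out bytes);
                if (nonceCount > MaxNonceCookies)
                {
                    var staleNames = ctx.Request.Cookies
                        .Where(c => c.Key.StartsWith(NoncePrefix, StringComparison.Ordinal))
                        .Select(c => c.Key)
                        .ToList();
                    foreach (var name in staleNames)
                        ctx.Response.Cookies.Delete(name); // sets an expired Set-Cookie for each

                    Trace.TraceWarning("Expired {0} stale OIDC nonce cookies for {1}; Cookie header was about {2} bytes",
                        nonceCount, ctx.Request.Path, bytes);
                }
            }
            await next();
        });
    }
}

// Usage inside Startup.Configuration, before app.UseOktaMvc(...):
//   var redirectUri = new Uri(ConfigurationManager.AppSettings["okta:RedirectUri"]);
//   app.UseStaleNonceCookieCleanup(new PathString(redirectUri.AbsolutePath));
```

This only contains the symptom: it stops the cookies from reaching the header limit and gives you a log line that names the affected site, which is useful given that the thread reports the problem per site rather than per user. The loop itself still needs explaining; the logged warnings at least tell you which hosts are cycling so you can compare them against the load-balancer and IIS configuration discussed later in the thread.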

Hi @BrandonM, I'm experiencing exactly the same behaviour (loop, intermittent, site-wise problems, reset helps).

Did you find a solution?

Thanks!!

Do you see the same behavior hosting the application locally as you do deployed? Do you happen to have a proxy/load balancer in place?

Hi @andrea, I can't reproduce the behavior locally.

The application is deployed on AWS and yes there is a load balancer in place.

Can the load balancer be the problem? In that case, how should I check / fix it?

Thanks!

One thing you may want to look into is enabling sticky sessions on your load balancer. It's possible that different servers are handling each part of the authorization and they cannot access the original "session" that was created in your .NET app.