We have a react/ spring boot application that uses okta/ oidc for authentication (login) purposes. Most of the logic is in spring boot. The application works fine (okta login successful and redirect to the logged in/landing page) on localhost. We have the same application (only difference being application-x.properties) deployed on 2 dev environments. Out of the 2, we have an issue in only one of the environments. The app redirects to okta login, okta login is successful but it shows http 401 error after redirect (to the correct page). We used a saml tracer and posting the saml trace. Can you please help with on what Okta settings to check for:
localhost (no issues):
ht tp // localhost :3000/server/odic/custom/authenticate?client_redirect_url=ht tp%3A%2F%2Flocalhost%3A3000%2Fauth_result
ht tp // localhost :3000/server/oauth2/authorization/okta
ht tps // abc okta com /oauth2/aus54dypbc4oJ6kiY4h7/v1/authorize?response_type=code&client_id=0oa53oj537zqZF0Fv4h7&scope=profile%20email%20openid&state=uhAQALL9KP7D2gQi3X7uD2O9NQ2OYaYILVOMKfwIXos%3D&redirect_uri=ht tp //localhost :3000/server/authorization-code/callback&nonce=47eonFq1D4Je3dBCsR3ylk4gxsjXoHZetBfWkd-ifm4
ht tps // abc .mtls . okta. com/sso/idps/MTLS?stateTokenExternalId=dUZIUmJsUGlMTU93MVBlWUxPK0pIbzlxT0VZeVYvNGR3V1FlcUU1OExmeGZPNDAvRllSNUVxV2ZSUWVkOVBHLw
ht tps // abc .okta . com/sso/idps/MTLS/mtlscallback?state=dUZIUmJsUGlMTU93MVBlWUxPK0pIbzlxT0VZeVYvNGR3V1FlcUU1OExmeGZPNDAvRllSNUVxV2ZSUWVkOVBHLw&code=c4718613-80ac-4342-a914-d413eb84e38e
ht tps // abc .okta . com/login/token/redirect?stateToken=02.id.7UyHne8wUDlYO0gcxt-s5WtYOgQ0G3qi_i73wLUb
ht tp //localhost : 3000/server/authorization-code/callback?code=xRUiJnlJUKixjd9A6RjnaqGKV0831tkKhGSt-v9tyWw&state=uhAQALL9KP7D2gQi3X7uD2O9NQ2OYaYILVOMKfwIXos%3D
ht tp // localhost: 3000/server/
ht tp // localhost: 3000/auth_result?login_token=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJBREU0NUZLIiwiYXVkIjoiQVVUSEVOVElDQVRFRF9DTElFTlQiLCJpc3MiOiJTQS5QRURFTlRSWS5MT0NBTC1wZWRFbnRyeS1sb2NhbCIsImV4cCI6MTcyOTAxOTcyN30.tW8fTzgjjrcDiS6gqgsg6crFwJUdulbbFr6vduNMF3Jd8O72Po9I6MlLd4WtJtfNc6pkA0oB4kVLhgCA0TfkPg
sa-p . com (ht tp 401 error):
ht tps // sa-p . com/server/odic/custom/authenticate?client_redirect_url=ht tps%3A%2F%2Fsa-p . com%2Fauth_result
ht tps // sa-p . com/server/oauth2/authorization/okta
ht tps // abc . okta . com/oauth2/aus54dypbc4oJ6kiY4h7/v1/authorize ?response_type=code&client_id=0oa53oj537zqZF0Fv4h7&scope=profile%20email%20openid&state=3K8o9saBV14ie7vDK0ZgfaiQwGcFnFOANQhzw8osn6Q%3D&redirect_uri=ht tps //sa-p . com/server/authorization-code/callback&nonce=oNTW20z0uocoUO7AqImUYJ10itJt87qxNaipfslMcb0
ht tps // abc .mtls . okta. com/sso/idps/MTLS ?stateTokenExternalId=UXMrNkk2RkduSVpORmNKa3hIWUU1bXk2eUxvWmtEVDJZNXZrcVBqdEk1a3Z4enc1UnI1K3JOYm93bUhIazFEeg
ht tps // abc .okta . com/sso/idps/MTLS/mtlscallback ?state=UXMrNkk2RkduSVpORmNKa3hIWUU1bXk2eUxvWmtEVDJZNXZrcVBqdEk1a3Z4enc1UnI1K3JOYm93bUhIazFEeg&code=78f652c9-d3fe-4f38-8c20-872ae88b1f44
ht tps // abc .okta . com/login/token/redirect ?stateToken=02.id.190ypgxg9UJqIzerrkGpO_YbscY-N2LVlkTzCygp
ht tps // sa-p . com/server/authorization-code/callback ?code=rv8m9Tpp6NgOeaZ7BPmU88kuJQA3_xQJ_9739Oftjsg&state=3K8o9saBV14ie7vDK0ZgfaiQwGcFnFOANQhzw8osn6Q%3D
ht tps // sa-p . com/server/ - ht tp 401 error
sa-b. com (no issues):
ht tps // sa-b . com/server/odic/custom/authenticate ?client_redirect_url=ht tps %3A%2F%2Fsa-b .com%2Fauth_result
ht tps // sa-b . com/server/oauth2/authorization/okta
ht tps // abc .okta .com /oauth2/aus54dypbc4oJ6kiY4h7/v1/authorize?response_type=code&client_id=0oa53oj537zqZF0Fv4h7&scope=profile%20email%20openid&state=ASd8c_2ghhl_-OA270UKgTlUmu1DSBf2CUqensDaVjs%3D&redirect_uri=ht tps://sa-b .com/server/authorization-code/ callback&nonce=uD1JlVmnxj7aGKCPb8_BZVfhJ2JpOLEGmY-Hl1TNFDg
ht tps // sa-b . com /server/authorization-code/callback?code=DWXeGBipqPGqaKJY55iVc4fufMX8lIv3ACobxA6M3LE&state=ASd8c_2ghhl_-OA270UKgTlUmu1DSBf2CUqensDaVjs%3D
ht tps // sa-b . com /server/
ht tps //sa-b . com / auth_result?login_token=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJBREU0NUZLIiwiYXVkIjoiQVVUSEVOVElDQVRFRF9DTElFTlQiLCJpc3MiOiJTQS5BSVJTRUEuREVWLWFpclNlYS1kZXYiLCJleHAiOjE3MjkwOTM1MjJ9.Wh1Vdxd0veQ6JPm-8sMdlRo1wqu7C1BUyxsLLTKE-m8HKxvWb1bFOdfIT684w-DydP6llKP7XS7sV0Xg1Sx0og