Replies: 2 comments 1 reply
-
|
the error log will tell you what is going on, most probably a (state) cookie that is missing |
Beta Was this translation helpful? Give feedback.
-
|
I see messages about expired state cookies, but none of the original URLs listed match. Do I need to turn up the log level? |
Beta Was this translation helpful? Give feedback.
-
|
Well, it helps if I look at the right error log :-( Now I am seeing these errors: oidc_util_json_string_print: oidc_util_check_json_error: response contained an "error" entry with value: ""invalid_grant"" and oidc_util_json_string_print: oidc_util_check_json_error: response contained an "error" entry with value: ""invalid_grant"" Every place that I can find redirect_uri listed in the error log is has the right value. |
Beta Was this translation helpful? Give feedback.
-
I have one Apache web server that uses mod_auth_openidc to authenticate to Azure AD. The user goes to an application that is proxied from the web server, and that app sends a request to another Apache web server that uses mod_auth_openidc to authenticate to Okta. If you are using Chrome or Edge, you get this message after entering your username / password:
Firefox and Safari users don't have a problem.
I'm using version 2.4.11 of mod_auth_openidc.
OIDCResponseType is not set, so I assume that it is defaulting to "code".
Is this a known issue with Chrome and Edge, or is my config wrong?
Any suggestions would be greatly appreciated.
Beta Was this translation helpful? Give feedback.
All reactions