400 Bad request when system is executing a SAML forceauthn after re-authentication Skip to main content
https://support.okta.com/help/oktaarticledetailpage?childcateg=&id=ka02a000000bnkxsai&source=documentation&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fdocumentation%2fknowledge_article%2fbad-request-with-forceauthn-2017-27
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
400 Bad request when system is executing a SAML forceauthn after re-authentication
Published: Jul 13, 2017   -   Updated: Jun 22, 2018
The Okta Release 2017.27, released to production on Jul 13, introduced a failure in a SAML ForceAuthn flow. If a RelayState is used in the SAML flow, the RelayState is dropped when the SAML assertion is sent after the re-authentication. This will cause a failure in the flow (i.e. "400 Bad Request).

If experiencing this issue, please contact Okta Support to reconfigure your Okta Tenant to prevent this from happening while a code fix is being put in place.