OAG Admin UI Returns "System Error" After Initializing Cookie Domain During Initial Setup
Jul 5, 2024
Okta Classic Engine
Access Gateway
Okta Identity Engine
Overview
The following documentation outlines how to initialize the OAG Admin UI Console for the first time:
After following these steps and setting the cookie domains, OAG will redirect to the admin endpoint to log back in.
In the case of this issue, at this point instead of the login page, OAG displays a "System Error" with Tracking ID. The error indicates "An unexpected error occurred. This error has been logged." with no further details.
Other potential observations:
- When monitoring OAG Logs via Management Console, errors can be seen such as:
Access Gateway host:[gw-admin.domain.domain_name] referer:[
https://gw-admin.domain.domain_name/] error:[System Error] tracking ID:[6189f94875] details:[Could not find any default metadata entities in set [saml20-idp-hosted] for host [gw-admin.domain.<domain_name> : gw-admin.domain.<domain_name>]]
https://gw-admin.domain.domain_name/] error:[System Error] tracking ID:[6189f94875] details:[Could not find any default metadata entities in set [saml20-idp-hosted] for host [gw-admin.domain.<domain_name> : gw-admin.domain.<domain_name>]]
or
SimpleSAML\Error\Exception: URL not allowed: https://Gw-Admin.domain.domain_name
- When checking the OAG's Trusted Domains via Management Console, no entries are displayed.
Applies To
- Okta Access Gateway (OAG)
Cause
As noted in the documentation, OAG does not allow using upper case when setting the OAG domains. The issue described here is the result of using upper case in the domain.
