OAG: EBS App Whitelist Validation Failed
Last Updated:
Access Gateway
Okta Classic Engine
Okta Identity Engine
Overview
The EBS app Whitelist validation failed. The following are the EBS errors that are seen.
2023-05-01T15:06:28.000-07:00 oag.okta.com ACCESS_GATEWAY EBS_SSOAGENT AUTHN EBS_SSOAGENT WARN USER_LOGIN [SESSION_ID="_94000690f250ae01c6003fcb86987203bcfd8377b1" SUBJECT="BPALMER" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36" APP_DOMAIN="ebsdev-andrew.test1.com" REASON="https://ebs-dana.test.com/OA_HTML/OA.jsp?OAFunc=OAHOMEPAGE"] Whitelist validation failed. Deeplink https://ebs-dana.test.com/OA_HTML/OA.jsp?OAFunc=OAHOMEPAGE must match EBS domain: ebsdev-andrew.test1.com
2023-05-01T15:06:28.000-07:00 oag.okta.com nWNbNKvKE oag-dana-test.com 98.37.10.130 - - "GET /ssologin? HTTP/2.0" 403 874 "https://ebs-dana.test.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36" "-" 0.588 0.583 : 0.004.
2023-05-01T15:06:28.000-07:00 oag.okta.com nWNbNKvKE oag-dana-test.com 98.37.10.130 - - "GET /ssologin? HTTP/2.0" 403 874 "https://ebs-dana.test.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36" "-" 0.588 0.583 : 0.004.
Applies To
- Okta Access Gateway
- EBS
Cause
Reasons this may be seen:
- This issue can be caused if the Post Login URL and the public domain do not match.
- If there are multiple instances of EBS applications, users may get redirected to a different domain.
- This has been resolved in OAG release 2023.7.2 and after. Please refer to the release notes for OKTA-603082.
Solution
- Update the Public Domain and the Post Login URL domain to match.
- Make sure the release is 2023.7.2 and above.
The error should not be seen after this. If the issue persists, please contact support.
