OAG: EBS App Whitelist Validation Failed
Jul 28, 2025
Access Gateway
Okta Classic Engine
Okta Identity Engine
Overview
The EBS app Whitelist validation failed. The following are the EBS errors that are seen.
2023-05-01T15:06:28.000-07:00 oag.okta.com ACCESS_GATEWAY EBS_SSOAGENT AUTHN EBS_SSOAGENT WARN USER_LOGIN [SESSION_ID="_94000690f250ae01c6003fcb86987203bcfd8377b1" SUBJECT="BPALMER" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36" APP_DOMAIN="ebsdev-andrew.test1.com" REASON="https://ebs-dana.test.com/OA_HTML/OA.jsp?OAFunc=OAHOMEPAGE"] Whitelist validation failed. Deeplink https://ebs-dana.test.com/OA_HTML/OA.jsp?OAFunc=OAHOMEPAGE must match EBS domain: ebsdev-andrew.test1.com
2023-05-01T15:06:28.000-07:00 oag.okta.com nWNbNKvKE oag-dana-test.com 98.37.10.130 - - "GET /ssologin? HTTP/2.0" 403 874 "https://ebs-dana.test.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36" "-" 0.588 0.583 : 0.004.
2023-05-01T15:06:28.000-07:00 oag.okta.com nWNbNKvKE oag-dana-test.com 98.37.10.130 - - "GET /ssologin? HTTP/2.0" 403 874 "https://ebs-dana.test.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36" "-" 0.588 0.583 : 0.004.
Applies To
- Okta Access Gateway
- EBS
Cause
Reasons this may be seen:
- This issue can be caused if the Post Login URL and the public domain do not match.
- If there are multiple instances of EBS applications, users may get redirected to a different domain.
- This has been resolved in OAG release 2023.7.2 and after. Please refer to the release notes for OKTA-603082.
Solution
- Update the Public Domain and the Post Login URL domain to match.
- Make sure the release is 2023.7.2 and above.
The error should not be seen after this. If the issue persists, please contact support.
