NidhinC.60762 (Customer) asked a question.
Okta Classic Engine | Administration | Answered | 2024-05-08T15:26:08.000Z | 2017-02-20T04:03:38.000Z | 2020-05-13T14:36:34.000Z
SSO not working via Network Load balancer - sso_iwa_auth / iwa.Invalid.Token
Hi Experts,

We have enabled "Use global redirect URL" via network load balancer (F5) and it was working fine. Now we had to remove one of the servers from the F5 load balancer and add a new one. After that, SSO to the Okta page does not work and it redirects to https://or.com/login/sso_iwa_auth

In event logs, LegacyEventType shows as iwa.Invalid.Token

Note: When we point IWA server manually or Automatic failover then SSO works.

Does anybody have any idea why this is happening?
This question is closed.

- Check the service accounts for AD.
- Check the API token to be valid.
- Check your server firewall, to make sure it is not blocking any IP addresses.
- Also check for your server to be domain-joined, as otherwise IWA will not work.
For further assistance, you can always open a case with our Tech Support department.

Within Okta Admin UI, a Super Admin can check the status of the API token that was created during the AD Agent install.
Security > API > Tokens
The token name is typically the server name on which the AD Agent was installed, and directly under the name you will see "Okta AD Agent".

Hi Nidhin,
We are running into the same issue. IWA works fine on both Mac and Win but as soon as we enable Global Redirect it breaks on all Mac browsers. I can confirm the following:

- Mac domain joined
- Firewall not blocking
- SVC account setup per instructions

No idea either what they are referring to with API token. I have opened a case with Okta support that hasn't really gotten anywhere in the last 2+ weeks. Would love to see some attention to this.
Dave