qubz9 (qubz9) asked a question.
I have two identical Blazor apps for two different companies where each company uses Okta for authentication. The code is identical for each other than the required URLs and parameters for each company’s individual Okta accounts. The apps, nor their servers, have been updated or changed in a few months. Suddenly within the last few weeks, the second company's users are all failing to log in, while the first company’s app is still logging in fine. This seems to point to me that something has changed externally with the second company’s Okta accounts, but they claim not.
The failed logins end up at the Blazor app's URL of "https://app.companyname.com/authentication/login-failed". In the company’s Okta account, the logs for the failed users show that the user was authenticated and logged in, yet login-failed was called back in the Blazor app.
What could be causing this and also how might I get more information on why the logion has failed?
Hi, @qubz9 (qubz9)
Thank you for posting on our Community page!
Due to the complexity of this use case, I suggest opening a case with the Support engineers.
https://support.okta.com/help/s/opencase?language=en_US
Thank you for reaching out to our Community and have a great day!
--
Help others in the community by liking or hitting Select as Best if this response helped you.
I appreciate that, but as far as I am aware, my developer account does not support opening a case without paid subscriptions. When trying before and also when using the link provided, I get "You Do Not Have Access to Create a Case".
Although my clients have paid subscriptions, they do not have the knowledge to pursue this, yet for security due to their interests, are not allowed to share details on their Okta accounts, etc. For these reasons and others, I am forced to purse clues and solutions here.
Hi, @qubz9 (qubz9)
While I do understand the need for privacy, we need more info, we would need logs, screenshots, a deeper view into the issue. That is obtainable only via opening a case as we cannot accept personal info on the forum.
The "login failed" error is so broad and could have so many reasons I wouldn't know where to begin.
They can also ask their Okta Account Executives to open a case on their behalf if they do not have the knowledge to pursuit this.
Take a look at these articles as well, maybe it helps:
https://devforum.okta.com/t/net-5-blazor-server-okta-authentication-showing-http-error-400/18604
https://community.auth0.com/t/authentication-login-failed/61727/5
If you have a screenshot of the error, maybe we can get more info from there.
Thank you for reaching out to our Community and have a great day!
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Thanks Laura. I guess privacy is an issue given the very nature of this. I did send a message to Okta but have not received a response. As mentioned, I cannot open a case as I assume I have to have a subscription. The client is a large company and getting them involved in debugging this is challenging, but we are trying.
What I was desiring here was to learn if there were any upgrades or changes within the Okta technology that might have sparked this issue. Or...if any others might have had similar issues that could point us towards a targeted direction.
More information for those...hoping someone might have experienced this issue and might share the solution they found...
Given:
As stated, we have two identical servers with identical software running an identical Blazor application. Both have different clients that use Okta for login to their individual sites. The first site works fine. The second one, sometime in the last few weeks, now fails with Okta calling the callback URL with a Login-Fail call. I cannot find more information than this...not even an error message. it is elusive. The client that fails, says that the Okta logs shows that the user was successfully authenticated.
Test to Point to Cause:
To try to determine if the issue is with the server/app or with Okta settings, on my Okta Dev account, I created an application that mirrored the settings of the of the client's that was failing. Of course this has a new ClientID.
On the server that was failing, I changed the client ID and the Okta Domain and authority URL to that of the application settings that I had just created. Basically, changed three parameters on the server. Now the server that was failing is now working using the alternate Okta account.
Conclusion?
Would not this point to my client's Okta account being the culprit and requiring investigation? My client states that nothing has been changed on their end as well.