User17271025127793105866 (Customer) asked a question.
Hi,
We are using Android web view to load URL which contains OKTA JS script widget as below.
<script src="https://global.oktacdn.com/okta-signin-widget/7.23.1/js/okta-sign-in.min.js" type="text/javascript" integrity="sha384-iS0TwfhBrj8wuaNgQy6cYGrF3CF2JvvZXfMzVrk6BZ5yqtquDItZCLrhpN2YzX+4" crossorigin="anonymous"></script>
<link href="https://global.oktacdn.com/okta-signin-widget/7.23.1/css/okta-sign-in.min.css" type="text/css" rel="stylesheet" integrity="sha384-4MFLFWndyGkfT8NgzmoJbWDD4YjzbMANE7ncx/sqPLBTkSqnrgFzjaQ0r8PewThU" crossorigin="anonymous" />
in our case client unable to Authenticate for Android Device getting the error/incomplete payload device details are missing. FYI, Client configured SSO with device trust, where the same implementation working in IOS.
{
"actor": {
"id": "00unsXXXXXXXXX",
"type": "User",
"alternateId": "XXXX@XXXX.com",
"displayName": "JaXX XXX",
"detailEntry": null},
"client": {
"userAgent": {
"rawUserAgent": "Mozilla/5.0 (Linux; Android 14; SM-X210 Build/UP1A.231005.007; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/127.0.6533.103 Safari/537.36",
"os": "Android",
"browser": "CHROME"},
"zone": "null",
"device": "Mobile",
"id": null,
"ipAddress": "12.XXX.XXX.XX",
"geographicalContext": {
"city": "Mount XXXX",
"state": "Illinois",
"country": "United States",
"postalCode": "XXXXX",
"geolocation": {
"lat": XX.XXXX,
"lon": -XX.XXXX
}
}
},
"device": null,
"authenticationContext": {
"authenticationProvider": null,
"credentialProvider": null,
"credentialType": null,
"issuer": null,
"interface": null,
"authenticationStep": 0,
"rootSessionId": "XXXXXXXXX_7TZKEPZx3MTq-Rw",
"externalSessionId": " XXXXXXXXX_7TZKEPZx3MTq-Rw"
},
"displayMessage": "Evaluation of sign-on policy",
"eventType": "policy.evaluate_sign_on",
"outcome": {
"result": "DENY",
"reason": "Sign-on policy evaluation resulted in DENIED"
},
"published": "2024-09-12T21:35:24.224Z",
"securityContext": {
"asNumber": XXXX,
"asOrg": "XXXXX corporation",
"isp": "XXX services inc",
"domain": "XXXXX.com",
"isProxy": false
},
"severity": "INFO",
"debugContext": {
"debugData": {
"authnRequestId": "XXXXXXXXX",
"oktaUserAgentExtended": "okta-auth-js/7.7.0 okta-signin-widget-7.21.2",
"requestId": " XXXXXXXXX",
"dtHash": " XXXXXXXXX",
"requestUri": "/idp/idx/authenticators/poll/cancel",
"threatSuspected": "false",
"url": "/idp/idx/authenticators/poll/cancel?",
"logOnlySecurityData": "{\"risk\":{\"reasons\":\"Anomalous Device\",\"level\":\"MEDIUM\"},\"behaviors\":{\"New Geo-Location\":\"NEGATIVE\",\"New Device\":\"POSITIVE\",\"New IP\":\"NEGATIVE\",\"New State\":\"NEGATIVE\",\"New Country\":\"NEGATIVE\",\"Velocity\":\"NEGATIVE\",\"New City\":\"NEGATIVE\"}}"
}
},
"legacyEventType": null,
"transaction": {
"type": "WEB",
"id": " XXXXXXXXX",
"detail": {}
},
"uuid": " XXXXXXXXX",
"version": "0",
"request": {
"ipChain": [
{
"ip": "XX.XXX.XXX.XX",
"geographicalContext": {
"city": "XXXX XXXX",
"state": "XXXX",
"country": "United States",
"postalCode": "XXXXX",
"geolocation": {
"lat": XX.XXXX,
"lon": -XX.XXXX
}
},
"version": "V4",
"source": null
}
]
},
"target": [
{
"id": " XXXXXXXXX ",
"type": "AppInstance",
"alternateId": "Wellable",
"displayName": "Wellable",
"detailEntry": {
"signOnModeType": "SAML_2_0",
"signOnModeEvaluationResult": "DENIED"
}
},
{
"id": " XXXXXXXXX ",
"type": "Rule",
"alternateId": "unknown",
"displayName": "Catch-all Rule",
"detailEntry": {
"policyRuleFactorMode": "2FA"
}
}
]
}
Hi @User17271025127793105866 (Customer) , Thank you for reaching out to the Okta Community!
Based on the information you have provided, the authentication attempt is hitting one of your authentication policies, in particular the "Catch-all rule" under your policy.
You will need to review your login flow/context to identify whether you need to change something about the way you log in or if the policy needs to be reconfigured in order for this type of login to be allowed.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--
Help others in the community by liking or hitting Select as Best if this response helped you.