Skip to main content

Question

 Saikishore Sanagapalli (Kishore Sanagapalli)
LTIMindtree
Senior Specialist - Pega Containerization Practitioner
LTIMindtree
SA
Kishore Sanagapalli Member since 2021 42 posts
LTIMindtree
Posted: Oct 13, 2022
Last activity: Nov 5, 2024
Posted: 13 Oct 2022 3:29 EDT
Last activity: 5 Nov 2024 5:20 EST
Solved

SSO-Login Issue - Invalid State Parameter error

We have configured Single Sign-On Authentication Service and it was working fine for sometime. Started facing an error while using SSO Authentication Service as "Invalid State Parameter Received".

Did not get any clue on why are we facing the issue. We have even tried re-configure the SSO Authentication Service again but the same problem occured.  

***Edited by Moderator: Pooja Gadige to add capability tag***
To see attachments, please log in.
Pega Platform 8.6.5
Cloud Services
Client-managed Cloud
System Administration
Customization
Security
Manufacturing
Other Industry
System/Cloud Ops Administrator
Team Lead

  • Reply

Accepted Solution

Posted: 2 years ago
Posted: 5 Jan 2023 1:56 EST
Saikishore Sanagapalli (Kishore Sanagapalli)
LTIMindtree
Senior Specialist - Pega Containerization Practitioner
LTIMindtree
SA

@Kishore Sanagapalli

Follow-Solution for identified RCA:

As part of Application Security enhancements, CSRF Settings enabled in the application and 'Enable Same Site Cookie Attribute' which is selected with "Strict" is causing the issue. Updated the value from "Strict to Lax" which fixed the SSO Login Issue.

To see attachments, please log in.
Posted: 2 years ago
Updated: 2 years ago
Posted: 3 Nov 2022 4:53 EDT
Updated: 5 Jan 2023 1:56 EST
Saikishore Sanagapalli (Kishore Sanagapalli)
LTIMindtree
Senior Specialist - Pega Containerization Practitioner
LTIMindtree
SA

@Kishore Sanagapalli

Root Cause Identified: Organization wide Domain change caused the new IP address invloved so SSO Calls are not reaching the IDP / IAM Layer for authenticity causing the Invalid State Parameter error. Working on the Solution.

To see attachments, please log in.

Accepted Solution

Posted: 2 years ago
Posted: 5 Jan 2023 1:56 EST
Saikishore Sanagapalli (Kishore Sanagapalli)
LTIMindtree
Senior Specialist - Pega Containerization Practitioner
LTIMindtree
SA

@Kishore Sanagapalli

Follow-Solution for identified RCA:

As part of Application Security enhancements, CSRF Settings enabled in the application and 'Enable Same Site Cookie Attribute' which is selected with "Strict" is causing the issue. Updated the value from "Strict to Lax" which fixed the SSO Login Issue.

To see attachments, please log in.
Posted: 5 months ago
Posted: 29 Oct 2024 6:48 EDT
Chis Octavian (tavi.chis)
Uniqa
Pega Developer
Uniqa
RO

@Kishore Sanagapalli Hi,

but the setting is set to LAX for a long time and Infinity23 upgrade took part on 19th of March 2024(then the error started occuring) and we still get the error. Conclusion is that LAX setting is not working for us. Any other ideas?

Br,

Tavi

To see attachments, please log in.
Posted: 5 months ago
Posted: 30 Oct 2024 7:51 EDT
Saikishore Sanagapalli (Kishore Sanagapalli)
LTIMindtree
Senior Specialist - Pega Containerization Practitioner
LTIMindtree
SA

@tavi.chis

1. Did you verify if any new firewall rules have been applied on the infra level?

2. Did you enable the tracer and tried to re-produce the issue for error traces?

 

To see attachments, please log in.
Posted: 5 months ago
Posted: 4 Nov 2024 5:40 EST
Chis Octavian (tavi.chis)
Uniqa
Pega Developer
Uniqa
RO

@Kishore Sanagapalli Hi,

1. No new Fw rules were applied.

2. I am not able to reproduce the error and I cannot trace it.

What I did is:

1. Created a new log category for PEGA support team(to check the OIDC process), and they are still analyzing the issue.

Br,

Tavi

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice