dex + okta login disaplay "User session error.

[shaojielinux]

describe：

1. When I log in from the OKTA page, it will prompt "User Session Error" and the browser address bar will remain in the“ https://xxx.xxx.xxx.xx/api/dex/callback This address, meet login1. png
2. But when I manually enter the domain name of argocd in the browser and click OK to log in, I will successfully log in, such as login2. png and login3. png

dex.config: dex.config: | logger: level: debug format: json connectors:

GitHub example

- type: saml
  id: okta
  name: Okta
  config:
    ssoURL: https://test.test.okta.com/app/uraargo_1/exka4zVPtGm697/sso/saml
    caData: |
      adsfasdfadsfasdfs
    usernameAttr: email
    emailAttr: email
    groupsAttr: group

exec.enabled: "false" server.rbac.log.enforce.enable: "false" timeout.hard.reconciliation: 0s timeout.reconciliation: 180s url: https://xxx.xxx.xx.xxx

[shaojielinux]

The problem that has been bothering me for a week, please help me check. Thank you

[todaywasawesome]

@shaojielinux Could you share logs from dex?

[oleksandr-gubchenko]

same issue here, the only errors that I see in dex logs are:

time="2024-02-06T09:07:58Z" level=error msg="Invalid 'state' parameter provided: not found"
time="2024-02-08T16:14:59Z" level=error msg="Failed to parse authorization request: Unregistered redirect_uri (\"\")."

[oleksandr-gubchenko]

this may be the issue: https://github.com/dexidp/dex/pull/1514 https://github.com/dexidp/dex/pull/3250

[andrii-korotkov-verkada]

ArgoCD versions 2.10 and below have reached EOL. Can you upgrade and let us know if the issue is still present, please?