okta / samples-aspnet

https://github.com/okta/samples-aspnet
Apache License 2.0

set OpenIdConnectProtocolValidator.RequireNonce to 'false'. Note if a 'nonce' is found it will be evaluated. #62

Open prasannagrchandran opened 2 years ago

prasannagrchandran commented 2 years ago

Hi Guys,

I have implemented the configurations. On my localhost, SSO is working fine and I am able to get the data, but when I host it on the server I am getting the error mentioned below:

IDX21323: RequireNonce is 'System.Boolean'. OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null. The nonce cannot be validated. If you don't need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to 'false'. Note if a 'nonce' is found it will be evaluated.

FYI:

Please help me to get rid of this error.

bryanapellanes-okta commented 2 years ago

@prasannagrchandran, Thanks for reaching out! Can you provide minimal sample code and steps to reproduce the error? Also, without exposing sensitive data like secrets or api keys, please share your configuration to help us troubleshoot further.

prasannagrchandran commented 2 years ago

This is my startup.cs

```csharp
using System.Collections.Generic;
using System.Configuration;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Okta.AspNet;
using Owin;

[assembly: OwinStartup(typeof(PepEvents.Startup))]

namespace PepEvents
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.UseOktaMvc(new OktaMvcOptions()
            {
                OktaDomain = ConfigurationManager.AppSettings["okta:OktaDomain"],
                ClientId = ConfigurationManager.AppSettings["okta:ClientId"],
                ClientSecret = ConfigurationManager.AppSettings["okta:ClientSecret"],
                AuthorizationServerId = ConfigurationManager.AppSettings["okta:AuthorizationServerId"],
                RedirectUri = ConfigurationManager.AppSettings["okta:RedirectUri"],
                PostLogoutRedirectUri = ConfigurationManager.AppSettings["okta:PostLogoutRedirectUri"],
                GetClaimsFromUserInfoEndpoint = true,
                Scope = new List<string> { "openid", "profile", "email" },
            });
        }
    }
}
```

prasannagrchandran commented 2 years ago

Web.config

<?xml version="1.0" encoding="utf-8"?>

prasannagrchandran commented 2 years ago

From the error, I think we need to set nonce to false, but I don't know how to set it.

gfody commented 2 months ago

I ran into this as well. Merging this rejected PR and setting the cookie manager to new SystemWebCookieManager() got things working. Setting the cookie manager earlier as suggested in this comment did not work for me.

bryanapellanes-okta commented 2 months ago

> I ran into this as well. Merging this rejected PR and setting the cookie manager to new SystemWebCookieManager() got things working. Setting the cookie manager earlier as suggested in this comment did not work for me.

It's good to know there's a fix. I've opened an internal issue for tracking and prioritization. OKTA-790251
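
An added example, not part of the thread and not Okta's code: the cookie-manager change gfody describes, shown on Katana's own OpenID Connect middleware instead of `UseOktaMvc`, with nonce validation left enabled. It assumes Microsoft.Owin.Security.OpenIdConnect 4.1 or later (where the options class has a `CookieManager` property), the `okta:` app settings from the Startup posted above, a hypothetical `NonceCookieExample` namespace, and an issuer of the form `{OktaDomain}/oauth2/{AuthorizationServerId}`.

```csharp
using System.Configuration;
using Microsoft.Owin;
using Microsoft.Owin.Host.SystemWeb;           // SystemWebCookieManager
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

[assembly: OwinStartup(typeof(NonceCookieExample.Startup))]

namespace NonceCookieExample                    // hypothetical namespace
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Assumption: okta:OktaDomain includes the scheme (https://...).
            var domain = ConfigurationManager.AppSettings["okta:OktaDomain"];
            var serverId = ConfigurationManager.AppSettings["okta:AuthorizationServerId"];

            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            // Session cookie written through System.Web's cookie collection.
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                CookieManager = new SystemWebCookieManager()
            });

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                Authority = domain + "/oauth2/" + serverId,   // assumed issuer format
                ClientId = ConfigurationManager.AppSettings["okta:ClientId"],
                ClientSecret = ConfigurationManager.AppSettings["okta:ClientSecret"],
                RedirectUri = ConfigurationManager.AppSettings["okta:RedirectUri"],
                PostLogoutRedirectUri = ConfigurationManager.AppSettings["okta:PostLogoutRedirectUri"],
                Scope = "openid profile email",

                // The nonce cookie is written and read by this middleware, so the
                // same cookie manager is set here as well. ProtocolValidator is left
                // at its default, so RequireNonce stays on and the nonce in the
                // ID token is still checked against the cookie.
                CookieManager = new SystemWebCookieManager()
            });
        }
    }
}
```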