OpenID authentication fails with the following error: Invalid state parameter - please check the redirect URI (the user may have been redirected back to a different host and/or port - resulting in a new HTTP session)



Article ID: KB0076123


Updated On:

Product: Spotfire Server
Version: 7.9

Description

When OpenID authentication is in use and the configuration has been completed, connecting to the Spotfire Server URL redirects the user to the OpenID provider page to enter a username and password. Authentication then fails, and the UI displays the message "Could not login. Verify the server details or contact your administrator." together with a "Go to login page" button.

The following error appears in server.log:
DEBUG 2018-07-18T04:03:46,006+0530 [unknown, #2, #18239] server.security.AuthenticationManager: Attempting authentication using the OpenID Connect authenticator
WARN 2018-07-18T04:03:46,007+0530 [unknown, #2, #18239] auth.oidc.OidcAuthenticator: OpenID Connect authentication failed
com.spotfire.server.security.auth.oidc.OidcException: Invalid state parameter - please check the redirect URI (the user may have been redirected back to a different host and/or port - resulting in a new HTTP session)
    at com.spotfire.server.security.auth.oidc.OidcAuthenticator.authenticate(OidcAuthenticator.java:279) [server.jar:?]
    at com.spotfire.server.security.AuthenticationManager.doAuthenticate(AuthenticationManager.java:363) [server.jar:?]
    at com.spotfire.server.security.AuthenticationManager.authenticateNonAnonymously(AuthenticationManager.java:313) [server.jar:?]
    at com.spotfire.server.security.AuthenticationManager.authenticateFrontend(AuthenticationManager.java:215) [server.jar:?]
    at com.spotfire.server.security.AuthenticationManager.authenticate(AuthenticationManager.java:199) [server.jar:?]
    at com.spotfire.server.security.SecurityFilter.attemptAuthentication(SecurityFilter.java:444) [server.jar:?]
    at com.spotfire.server.security.SecurityFilter.doFilter(SecurityFilter.java:225) [server.jar:?]
    at com.spotfire.server.security.AbstractFilter.doFilter(AbstractFilter.java:126) [server.jar:?]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web.jar:4.3.5.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web.jar:4.3.5.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [catalina.jar:8.5.13]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [catalina.jar:8.5.13]
    at com.spotfire.server.security.CustomAuthFilterWrapper.doFilter(CustomAuthFilterWrapper.java:82) [server.jar:?]
    at com.spotfire.server.security.AbstractFilter.doFilter(AbstractFilter.java:126) [server.jar:?]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web.jar:4.3.5.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web.jar:4.3.5.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [catalina.jar:8.5.13]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [catalina.jar:8.5.13]
    at com.spotfire.server.security.CsrfFilter.doFilter(CsrfFilter.java:89) [server.jar:?]
    at com.spotfire.server.security.AbstractFilter.doFilter(AbstractFilter.java:126) [server.jar:?]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web.jar:4.3.5.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web.jar:4.3.5.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [catalina.jar:8.5.13]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [catalina.jar:8.5.13]
    at com.spotfire.server.security.HttpMethodsFilter.doFilter(HttpMethodsFilter.java:179) [server.jar:?]
    at com.spotfire.server.security.AbstractFilter.doFilter(AbstractFilter.java:126) [server.jar:?]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web.jar:4.3.5.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web.jar:4.3.5.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [catalina.jar:8.5.13]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [catalina.jar:8.5.13]
    at com.spotfire.server.security.headers.HeadersFilter.doFilter(HeadersFilter.java:192) [server.jar:?]
    at com.spotfire.server.security.AbstractFilter.doFilter(AbstractFilter.java:126) [server.jar:?]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web.jar:4.3.5.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web.jar:4.3.5.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [catalina.jar:8.5.13]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [catalina.jar:8.5.13]
    at com.spotfire.server.security.AccessLogFilter.doFilter(AccessLogFilter.java:78) [server.jar:?]
    at com.spotfire.server.security.AbstractFilter.doFilter(AbstractFilter.java:126) [server.jar:?]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web.jar:4.3.5.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web.jar:4.3.5.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [catalina.jar:8.5.13]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [catalina.jar:8.5.13]
    at com.spotfire.server.security.RequestContextFilter.doFilter(RequestContextFilter.java:114) [server.jar:?]
    at com.spotfire.server.security.RequestContextFilter.doFilter(RequestContextFilter.java:80) [server.jar:?]
    at com.spotfire.server.security.AbstractFilter.doFilter(AbstractFilter.java:126) [server.jar:?]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web.jar:4.3.5.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web.jar:4.3.5.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [catalina.jar:8.5.13]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [catalina.jar:8.5.13]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) [catalina.jar:8.5.13]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [catalina.jar:8.5.13]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) [catalina.jar:8.5.13]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [catalina.jar:8.5.13]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) [catalina.jar:8.5.13]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [catalina.jar:8.5.13]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341) [catalina.jar:8.5.13]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) [tomcat-coyote.jar:8.5.13]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-coyote.jar:8.5.13]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861) [tomcat-coyote.jar:8.5.13]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) [tomcat-coyote.jar:8.5.13]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-coyote.jar:8.5.13]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_131]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_131]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.5.13]
    at java.lang.Thread.run(Thread.java:748) [?:1.8.0_131]
DEBUG 2018-07-18T04:03:46,022+0530 [unknown, #2, #18239] server.security.SecurityFilter: User authentication failed

 

 

Issue/Introduction

When we try to connect using OpenID as the authentication provider, authentication fails with the following error in server.log: Invalid state parameter - please check the redirect URI (the user may have been redirected back to a different host and/or port - resulting in a new HTTP session)

Resolution

For the above error message, in some cases we need to check that the Discovery document URL is specified as "https://dev-338127.oktapreview.com/.well-known/openid-configuration" and not "http://dev-338127.oktapreview.com/.well-known/openid-configuration". In short, the URL must be specified with https instead of http. Also, in some cases we need to check that the default filter mode of the Post Authentication filter is not "Block"; it should be "Auto-create".
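
A check for the URL-related causes named above, as an added example that is not part of the original article or of Spotfire: it flags a discovery document URL that does not use https, and a redirect URI whose host or port differs from the address the browser started on (the condition the error message describes). The Spotfire addresses and the /callback path are constructed placeholders; only the Okta discovery URL comes from the article.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) with the scheme's default port made explicit."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def check_oidc_urls(browser_url, redirect_uri, discovery_url):
    """Return findings for the URL problems this article associates with
    'Invalid state parameter'. An empty list means none were found."""
    findings = []

    # Resolution step 1: the discovery document URL must use https.
    if origin(discovery_url)[0] != "https":
        findings.append("discovery document URL does not use https")

    # The state value is tied to the HTTP session opened at browser_url.
    # Per the error text, coming back on another host or port starts a
    # new session, so the stored state is no longer found.
    _, start_host, start_port = origin(browser_url)
    _, back_host, back_port = origin(redirect_uri)
    if back_host != start_host:
        findings.append(
            f"redirect URI host {back_host!r} differs from {start_host!r}")
    if back_port != start_port:
        findings.append(
            f"redirect URI port {back_port} differs from {start_port}")
    return findings


if __name__ == "__main__":
    # Constructed sample values (placeholders, not a real deployment).
    for finding in check_oidc_urls(
        browser_url="https://spotfire.example.com/",
        redirect_uri="https://node1.example.com:8443/callback",
        discovery_url="http://dev-338127.oktapreview.com/.well-known/openid-configuration",
    ):
        print("FINDING:", finding)
```

The post-authentication filter mode ("Block" versus "Auto-create") is a server setting and is not covered by this check.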