Reputation: 31
So I am building an ASP.NET Core 2.2 application and I am trying to implement Okta Verify into this system. I have seen that this issue of the "Exception: Correlation failed" has been discussed on many threads across many message boards. I have tried those solutions and I fear none of them have worked.
I am at a loss and need to have a new angle of looking at it.
So when I initially implemented this into the code, I did it as said in the documentation of Okta itself. By now I have added stuff that was part of other solutions, so it grew a bit.
Startup.cs
    public void ConfigureServices(IServiceCollection services)
    {
        // Some people had issues with this one being in here,
        // but for me it "works" with and without
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });
        // here are some services.AddTransient and cors policies
        services.Configure<OpenIdConnectOptions>(options =>
        {
            options.Events.OnRemoteFailure = RemoteAuthFail;
        });
        // Basically here is where I added the boilerplate code made by Okta.
        // As I was looking into threads trying to solve the issue it grew into this
        ////////////////////////////////////
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = "somename";
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OktaDefaults.MvcAuthenticationScheme;
        })
        .AddCookie(cookieAuthOptions =>
        {
            cookieAuthOptions.Cookie.Name = "chocolatechip";
            cookieAuthOptions.AccessDeniedPath = "/error/accessdenied";
            cookieAuthOptions.ExpireTimeSpan = new TimeSpan(0,2,0);
        })
        .AddOpenIdConnect("OpenIdConnect", option =>
        {
            option.Events = new OpenIdConnectEvents
            {
                OnRedirectToIdentityProvider = redirectContext =>
                {
                    if (Env.IsEnvironment("Debug"))
                    {
                        //Force scheme of redirect URI(THE IMPORTANT PART)
                        redirectContext.ProtocolMessage.RedirectUri = redirectContext.ProtocolMessage.RedirectUri.Replace("https://", "http://", StringComparison.OrdinalIgnoreCase);
                    }
                    return Task.FromResult(0);
                }
            };
            option.ClientId = "SomeClientId";
            option.ClientSecret = "SomeClientSecret";
            option.CallbackPath = "TheCallbackPath";
            option.Authority = "This is suppose to be some URI";
        })
        .AddOktaWebApi(new OktaWebApiOptions()
        {
            AuthorizationServerId = "anotherId",
            OktaDomain = "TheDevDomain"
        });
        ////////////////////////////////////
        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
        services.AddMvc(options => options.OutputFormatters.Add(new HtmlOutputFormatter()));
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        loggerFactory.AddLog4Net("log4net.config", false);
        app.UseHttpStatusCodeExceptions();
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseHsts();
        }
        app.UseCors(CRSpecificOrigins);
        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();
        app.UseAuthentication();
        app.UseMvc();
    }
Upvotes: 3
Views: 2071
Reputation: 157
I hit that problem in a .NET MVC app after switching from HTTPS to HTTP.
The suggested answer solved it!
    .AddOpenIdConnect(options =>
    {
        options.Authority = configuration["Okta:Issuer"] + "/oauth2/default";
        options.RequireHttpsMetadata = false;
        options.ClientId = configuration["Okta:ClientId"];
        options.ClientSecret = configuration["Okta:ClientSecret"];
        options.CallbackPath = configuration["Okta:CallbackPath"];
        options.ResponseType = OpenIdConnectResponseType.Code;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.Scope.Add("openid");
        options.Scope.Add("profile");
        options.SaveTokens = true;
        options.NonceCookie.SameSite = SameSiteMode.Unspecified;
        options.CorrelationCookie.SameSite = SameSiteMode.Unspecified;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = "name",
            RoleClaimType = "groups",
            ValidateIssuer = true
        };
    });
Upvotes: 0
Reputation: 756
I experienced the same issue very soon. I used the code below to solve the problem. It might be useful.
In AddOpenIdConnect("oidc or xxx")'s code block.
If you use .net core > 2.*

    options.NonceCookie.SameSite = (SameSiteMode) (-1);
    options.CorrelationCookie.SameSite = (SameSiteMode) (-1);

If you use .net > 3.*

    options.NonceCookie.SameSite = SameSiteMode.Unspecified;
    options.CorrelationCookie.SameSite = SameSiteMode.Unspecified;
Upvotes: 4
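
One possible body for the `RemoteAuthFail` handler that the question assigns to `OnRemoteFailure` but does not show, added here as an example and not code from any poster or from Okta. It logs whether the correlation cookie came back on the callback and over which scheme, which is what the SameSite and HTTPS settings discussed in the answers affect. The class name, logger category and error path are assumptions; the cookie prefix is the handler's default.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

public static class OidcDiagnostics // hypothetical class name
{
    // Default name prefix of the correlation cookie written by the remote auth handler.
    private const string CorrelationPrefix = ".AspNetCore.Correlation.";

    // Matches the Func<RemoteFailureContext, Task> signature of OnRemoteFailure.
    public static Task RemoteAuthFail(RemoteFailureContext context)
    {
        var request = context.Request;
        var logger = context.HttpContext.RequestServices
            .GetRequiredService<ILoggerFactory>()
            .CreateLogger("OidcDiagnostics"); // hypothetical category

        // "Correlation failed" is raised when the cookie set at challenge time
        // is missing from the callback or does not match the state it carries.
        var correlationCookies = request.Cookies.Keys
            .Where(k => k.StartsWith(CorrelationPrefix, StringComparison.Ordinal))
            .ToList();

        logger.LogWarning(
            "Remote auth failure: {Message}; scheme={Scheme}; method={Method}; " +
            "path={Path}; correlationCookies={Count}",
            context.Failure?.Message, request.Scheme, request.Method,
            request.Path, correlationCookies.Count);

        if (correlationCookies.Count == 0)
        {
            // No cookie at all: the browser did not send it back. Compare the
            // Set-Cookie attributes (SameSite, Secure) issued at challenge time
            // with the scheme of this callback request.
            logger.LogWarning(
                "No correlation cookie on callback; IsHttps={IsHttps}",
                request.IsHttps);
        }

        // Show an error page instead of the unhandled exception.
        context.Response.Redirect("/error/signin-failed"); // hypothetical path
        context.HandleResponse();
        return Task.CompletedTask;
    }
}
```

With this class in place, the question's registration would read `options.Events.OnRemoteFailure = OidcDiagnostics.RemoteAuthFail;`.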