Reputation: 867
I'm tasked to set up authentication with Okta. The auth code works on my dev computer, but it gets into an infinite loop on the staging server.
The framework is ASP.NET Web Forms 4.8.
When I look into the system log, there are only 3 entries and no error:
Here are the Okta settings in Web.config. I have double-checked that "okta:RedirectUri" and "okta:PostLogoutRedirectUri" match the values in the Okta developer dashboard settings (also shown below):
<!-- OKTA: -->
<!-- 1. Replace these values with your Okta configuration -->
<add key="okta:ClientId" value="************" />
<add key="okta:ClientSecret" value="*******************" />
<add key="okta:OktaDomain" value="https://dev-*****.okta.com" />
<add key="okta:AuthorizationServerId" value="default" />
<!-- 2. Update the Okta application with these values -->
<add key="okta:RedirectUri" value="https://www.company-url.com/subdomain/default.aspx" />
<add key="okta:PostLogoutRedirectUri" value="https://www.company-url.com/subdomain" />
In the Okta developer dashboard -> Applications -> Test App -> General -> General Settings, the sign-in redirect URI is https://www.company-url.com/subdomain/default.aspx
The sign-out redirect URI is https://www.company-url.com/subdomain
Also, on the dashboard -> Security -> API -> Trusted Origins, the URL "https://www.company-url.com" was added to allow both CORS and Redirect.
The Startup class (VB.NET):
Imports System.Collections.Generic
Imports System.Configuration
Imports System.Web
Imports Microsoft.Owin
Imports Microsoft.Owin.Security
Imports Microsoft.Owin.Security.Cookies
Imports Okta.AspNet
Imports Owin

' OWIN locates this class through the assembly-level OwinStartup attribute.
<Assembly: OwinStartup(GetType(Company.Startup))>

Public Class Startup
    Public Sub Configuration(ByVal app As IAppBuilder)
        ' Identities signed in by the Okta middleware are persisted in the cookie.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)

        ' Unauthenticated requests are sent to the self-hosted sign-in page.
        app.UseCookieAuthentication(New CookieAuthenticationOptions() With {
            .LoginPath = New PathString("/Login.aspx")
        })

        ' Okta OpenID Connect middleware. RedirectUri and PostLogoutRedirectUri
        ' must match the URIs registered for the application in the Okta dashboard.
        app.UseOktaMvc(New OktaMvcOptions() With {
            .OktaDomain = ConfigurationManager.AppSettings("okta:OktaDomain"),
            .ClientId = ConfigurationManager.AppSettings("okta:ClientId"),
            .ClientSecret = ConfigurationManager.AppSettings("okta:ClientSecret"),
            .AuthorizationServerId = ConfigurationManager.AppSettings("okta:AuthorizationServerId"),
            .RedirectUri = ConfigurationManager.AppSettings("okta:RedirectUri"),
            .PostLogoutRedirectUri = ConfigurationManager.AppSettings("okta:PostLogoutRedirectUri"),
            .Scope = New List(Of String) From {
                "openid",
                "profile",
                "email"
            },
            ' The Okta-hosted sign-in page is not used; Login.aspx posts a sessionToken instead.
            .LoginMode = LoginMode.SelfHosted
        })
    End Sub
End Class
The Login.aspx markup:
<%@ Page Language="vb" AutoEventWireup="true" CodeBehind="Login.aspx.vb" Inherits="Illinois.Login" %>
<script src="https://global.oktacdn.com/okta-signin-widget/5.2.0/js/okta-sign-in.min.js" type="text/javascript"></script>
<link href="https://global.oktacdn.com/okta-signin-widget/5.2.0/css/okta-sign-in.min.css" type="text/css" rel="stylesheet" />
<script src="include/jquery-3.4.1.min.js"></script>
<div id="widget"></div>
<!-- The session token obtained by the widget is posted back to this page, where
     the code-behind starts the OpenID Connect challenge with it. -->
<form method="POST" action="Login.aspx">
    <input type="hidden" name="sessionToken" id="hiddenSessionTokenField" />
</form>
<script type="text/javascript">
    var oktaDomain = '<%= System.Configuration.ConfigurationManager.AppSettings("okta:OktaDomain").ToString() %>';
    var signIn = new OktaSignIn({
        baseUrl: oktaDomain
    });
    signIn.renderEl({ el: '#widget' }, (res) => {
        // The widget also reports non-final states (for example a password-reset
        // e-mail having been sent); only a SUCCESS result carries a session token.
        if (res.status !== 'SUCCESS' || !res.session) {
            return;
        }
        var sessionTokenField = $("#hiddenSessionTokenField");
        sessionTokenField.val(res.session.token);
        var form = sessionTokenField.parent();
        form.submit();
    }, (err) => {
        console.error(err);
    });
</script>
And the Login.aspx.vb code:
Imports System
Imports System.Web
Imports Microsoft.Owin.Security
Imports Microsoft.Owin.Security.OpenIdConnect

Partial Public Class Login
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)
        ' Only the POST from the widget (see Login.aspx) carries a session token,
        ' and an already-authenticated user does not need another challenge.
        If Request.RequestType = "POST" AndAlso Not Request.IsAuthenticated Then
            Dim sessionToken As String = Request.Form("sessionToken")?.ToString()
            Dim properties As AuthenticationProperties = New AuthenticationProperties()
            ' In SelfHosted mode the Okta middleware forwards this value to the
            ' /authorize request so the user is not prompted to sign in again.
            properties.Dictionary.Add("sessionToken", sessionToken)
            properties.RedirectUri = "/"
            HttpContext.Current.GetOwinContext().Authentication.Challenge(properties, OpenIdConnectAuthenticationDefaults.AuthenticationType)
        End If
    End Sub
End Class
Please help me see which part was not configured correctly. Any help is appreciated. Thank you and best regards.
Upvotes: 1
Views: 537
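An added example, not part of the question above and not code from the Okta.AspNet SDK: the OAuth 2.0 Security Best Current Practice requires the authorization server to compare the redirect_uri in the /authorize request with the registered value by simple string comparison, so a single differing character is enough for the callback to be rejected and the client to be sent back to sign in. The checker below applies that rule to the placeholder URIs from the post and names the first component that differs, which is easier than comparing long URLs by eye. The mismatching candidates (http instead of https, an explicit port, path case, trailing slash) are constructed to illustrate common differences between environments; they are not values observed on the staging server.

```python
"""Redirect-URI exact-match checker.

Added example, not code from the question or from the Okta.AspNet SDK.
The registered values are the placeholder URIs from the Web.config and the
Okta dashboard settings quoted in the post.
"""
from urllib.parse import urlsplit

# Registered in the Okta dashboard (General Settings) according to the post.
REGISTERED_SIGN_IN_URIS = ["https://www.company-url.com/subdomain/default.aspx"]
REGISTERED_SIGN_OUT_URIS = ["https://www.company-url.com/subdomain"]

_COMPONENTS = ("scheme", "host", "port", "path", "query", "fragment")


def _components(uri):
    """Split a URI into the components that are compared one by one."""
    parts = urlsplit(uri)
    return {
        "scheme": parts.scheme,      # urlsplit lower-cases the scheme
        "host": parts.hostname,      # and the host name
        "port": parts.port,          # None when no explicit port is given
        "path": parts.path,          # paths are case-sensitive
        "query": parts.query,
        "fragment": parts.fragment,
    }


def explain_mismatch(candidate, registered):
    """Return None when `candidate` is byte-identical to a registered URI.

    Otherwise return a message naming the first component that differs from
    the first registered URI, or, when every component is equal after
    urlsplit's normalisation, a message saying only case or encoding differs.
    """
    if candidate in registered:
        return None
    got = _components(candidate)
    first_diff = None
    for reg in registered:
        want = _components(reg)
        diff = next((n for n in _COMPONENTS if got[n] != want[n]), None)
        if diff is None:
            return f"only case or encoding differs from {reg!r}: {candidate!r}"
        if first_diff is None:
            first_diff = (f"{diff} differs: got {got[diff]!r}, "
                          f"registered {want[diff]!r} (registered URI: {reg})")
    return first_diff


def check_all(candidates, registered):
    """Run explain_mismatch over several candidates; returns {candidate: result}."""
    return {c: explain_mismatch(c, registered) for c in candidates}


if __name__ == "__main__":
    # Constructed candidates showing typical ways a deployment's callback can
    # differ from the registered value; they are not taken from the post.
    samples = [
        "https://www.company-url.com/subdomain/default.aspx",      # exact match
        "http://www.company-url.com/subdomain/default.aspx",       # TLS terminated upstream
        "https://www.company-url.com:8443/subdomain/default.aspx", # explicit port
        "https://www.company-url.com/subdomain/Default.aspx",      # path case
        "https://www.company-url.com/subdomain/default.aspx/",     # trailing slash
    ]
    for uri, result in check_all(samples, REGISTERED_SIGN_IN_URIS).items():
        print(f"{uri}\n    -> {result or 'OK (exact match)'}")
```

Run it with the redirect_uri actually observed in the browser's address bar on the first hop to the Okta /authorize endpoint (and the post_logout_redirect_uri on sign-out) rather than with the value from Web.config, since the point of the check is to catch a difference between what the server sends and what is registered.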