We have configured Single Sign-On Authentication Service and it was working fine for some time. Started facing an error while using SSO Authentication Service as “Invalid State Parameter Received”.
Did not get any clue on why we are facing the issue. We have even tried to reconfigure the SSO Authentication Service again, but the same problem occurred.
Root Cause Identified: An organization-wide domain change caused a new IP address to be involved, so SSO calls are not reaching the IDP / IAM layer for authenticity, causing the Invalid State Parameter error. Working on the solution.
As part of Application Security enhancements, CSRF settings were enabled in the application, and ‘Enable Same Site Cookie Attribute’ being selected with “Strict” is causing the issue. Updated the value from “Strict” to “Lax”, which fixed the SSO Login issue.
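The post above describes the mechanism behind the error: the application stores the SSO `state` in a cookie, the IdP sends the browser back with a cross-site redirect, and a `SameSite=Strict` cookie is withheld on that redirect, so the callback has nothing to compare the returned `state` against. The following is an added example (not code from the original thread or from the product) that models the SameSite rule and runs the redirect flow under each setting. The site names `app.example` and `idp.example`, the `Request` model and the `simulate_sso_login` helper are assumptions made for the illustration.

```python
"""Model of how the SameSite attribute on the SSO state cookie decides whether the
IdP's redirect back to the application still carries the cookie.

Constructed illustration (assumed site names app.example / idp.example); it is
not the product's own code.
"""
import secrets
from dataclasses import dataclass
from typing import Optional

APP_SITE = "app.example"   # assumed site of the application (service provider)
IDP_SITE = "idp.example"   # assumed site of the identity provider


@dataclass(frozen=True)
class Request:
    site: str                 # site the request is sent to
    initiator: Optional[str]  # site of the page that triggered it (None = typed URL)
    method: str               # HTTP method
    top_level: bool           # True for a navigation, False for XHR/fetch/iframe


def cookie_is_sent(same_site: str, req: Request) -> bool:
    """Apply the SameSite rule to decide whether the browser attaches the cookie.

    Strict: only on same-site requests.
    Lax:    same-site requests, plus cross-site *top-level* navigations that use
            a safe method (GET/HEAD), which is what an IdP 302 redirect is.
    None:   always (a real browser also requires the Secure attribute).
    """
    if req.initiator is None or req.initiator == req.site:
        return True                      # same-site: every policy allows it
    if same_site == "Strict":
        return False
    if same_site == "Lax":
        return req.top_level and req.method in ("GET", "HEAD")
    if same_site == "None":
        return True
    raise ValueError(f"unknown SameSite value {same_site!r}")


def simulate_sso_login(same_site: str, callback_method: str = "GET") -> str:
    """Run the redirect flow once and return what the application's callback decides."""
    # 1. Application starts login: generates a state value, stores it in a cookie
    #    on its own site, and sends the browser to the IdP.
    state = secrets.token_urlsafe(16)
    app_cookie = {"name": "sso_state", "value": state, "SameSite": same_site}

    # 2. The IdP authenticates the user and sends the browser back to the
    #    application's callback with the same state value. That request is
    #    cross-site (initiated by idp.example) and a top-level navigation.
    callback = Request(site=APP_SITE, initiator=IDP_SITE,
                       method=callback_method, top_level=True)
    returned_state = state

    # 3. The application compares the state from the URL/form with the cookie.
    #    If the browser withheld the cookie, there is nothing to compare against.
    stored = app_cookie["value"] if cookie_is_sent(app_cookie["SameSite"], callback) else None
    if stored is None or not secrets.compare_digest(stored, returned_state):
        return "Invalid State Parameter Received"
    return "login ok"


if __name__ == "__main__":
    for policy in ("Strict", "Lax", "None"):
        for method in ("GET", "POST"):
            print(f"SameSite={policy:6} callback={method:4} -> {simulate_sso_login(policy, method)}")
```

Running it shows `Strict` failing on the GET redirect while `Lax` succeeds, which matches the fix described in the post. The `POST` rows are the caveat worth knowing: `Lax` only covers top-level GET navigations, so a callback delivered by a cross-site form POST (for example a SAML HTTP-POST binding) still loses the cookie under `Lax`, and the same error appears even though the setting is no longer `Strict`.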
We are facing the same issue in our system. It seems it started with the Pega upgrade to Infinity 23. The CSRF setting is LAX. Do you have other ideas?
Sometimes it's possible with upgrades. You will need to change the CSRF settings to Lax and restart the web pods for the changes to take effect and see the change.
But the setting has been set to LAX for a long time, and the Infinity 23 upgrade took place on 19th of March 2024 (then the error started occurring), and we still get the error. Conclusion is that the LAX setting is not working for us. Any other ideas?