Microsoft.IdentityServer.Web.CookieManagers.InvalidContextException: MSIS7001: The passive protocol context was not found or not valid. If the context was stored in cookies, the cookies that were presented by the client were not valid. Ensure that the client browser is configured to accept cookies from this website and retry this request.
I've often wondered what this means.
Then I had an issue which I could repeat and with the help of @Pierre, I sorted it out.
My path was:
Application --> ADFS --> SAML --> Another IDP --> Another IDP
The request was:
?SAMLRequest=fZ...gE%3d&RelayState=620d9067-4bc1-439b-ad21-0d419d3cbd19
This results in:
Set-Cookie: MSISContext620d9067-4bc1-439b-ad21-0d419d3cbd19=UlB...cw==; path=/adfs; HttpOnly; Secure
Notice that the RelayState is added to the name of the cookie.
Somewhere upstream, the RelayState changed.
When the response comes back to ADFS, ADFS looks for a cookie named after the new RelayState, and that cookie doesn't exist.
Hence the error.
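To check a captured browser trace for this mismatch, here is an added example (not from the original troubleshooting session and not ADFS code) that compares the RelayState coming back with the MSISContext cookie names that were set. The host name, the PLACEHOLDER values and the changed RelayState are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# As described above, the cookie name is "MSISContext" + the RelayState value.
COOKIE_RE = re.compile(r"^\s*(?i:Set-Cookie:\s*)?MSISContext([^=;\s]+)=")

def relay_state(url_or_form):
    """Return RelayState from a redirect URL or a urlencoded POST body."""
    query = urlsplit(url_or_form).query if "?" in url_or_form else url_or_form
    values = parse_qs(query).get("RelayState", [])
    return values[0] if values else None

def context_ids(set_cookie_headers):
    """Collect the name suffix of every MSISContext cookie in the trace."""
    ids = set()
    for header in set_cookie_headers:
        match = COOKIE_RE.match(header)
        if match:
            ids.add(match.group(1))
    return ids

def diagnose(request_url, set_cookie_headers, returned_body):
    """Classify one round trip: ok, RelayState changed, or cookie never set."""
    sent = relay_state(request_url)
    returned = relay_state(returned_body)
    ids = context_ids(set_cookie_headers)
    if returned in ids:
        return "ok"
    if sent in ids:
        # Cookie exists under the original name, but the name ADFS will
        # look for (the returned RelayState) has no matching cookie.
        return "relaystate-changed-upstream"
    return "cookie-missing"

# Constructed sample trace; the RelayState GUID is the one from the post.
GUID = "620d9067-4bc1-439b-ad21-0d419d3cbd19"
REQUEST = "https://adfs.example.test/adfs/ls/?SAMLRequest=PLACEHOLDER&RelayState=" + GUID
SET_COOKIE = ["Set-Cookie: MSISContext" + GUID + "=PLACEHOLDER; path=/adfs; HttpOnly; Secure"]
RETURNED_OK = "SAMLResponse=PLACEHOLDER&RelayState=" + GUID
RETURNED_CHANGED = "SAMLResponse=PLACEHOLDER&RelayState=00000000-0000-0000-0000-000000000000"

if __name__ == "__main__":
    print(diagnose(REQUEST, SET_COOKIE, RETURNED_OK))
    print(diagnose(REQUEST, SET_COOKIE, RETURNED_CHANGED))
```

A result of "relaystate-changed-upstream" points at one of the IDPs in the chain rewriting RelayState; "cookie-missing" points at the browser not storing or not sending the cookie.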
Enjoy!