User login failed: Missing State Hash Cookie

Version
2022.1.2386

What happened?

We are trying to create a synthetic check in Datadog which identifies failure and latency in Octopus login. We are using SSO authentication (Okta) for the same. But when trying to execute the test case, we get a "Missing State Hash Cookie" error.
Datadog only supports creating synthetic monitoring using the Chrome browser.

Details about the private location of Datadog are available here: https://docs.datadoghq.com/getting_started/synthetics/private_location/

Reproduction

The same user login is working fine when tested on the local browser. We tried to run the test on Firefox & Chrome but the same results were found.

Error

{"title":"Bad request","message":"There was a problem with your request.","details":{"ErrorMessage":"There was a problem with your request.","Errors":["User login failed: Missing State Hash Cookie. As a security precaution, Octopus ensures the state object returned from the external identity provider matches what it expected. In this case the Cookie containing the SHA256 hash of the state object is missing from the request."]}}

More Information

We tried to solve the problem by following this doc, Troubleshooting authentication problems - Octopus Deploy, but the issue still persists.

We are already using HTTPS in the URL.

Good morning @Naman.Kumar,

Thank you for contacting Octopus Support and sorry to hear you are having issues with the test case you are running.

I thought I had seen this issue before and it looks like you posted the same question here:

I did respond to that so if you can get us the information requested we can have a look at this for you.

Am I able to close this forum post off and we can continue this investigation on the other one please, just so we have all the information in one place.

Kind Regards,

Clare

Hey @clare.martin, I opened a new case since that one does not allow replying on it anymore.

Hey @Naman.Kumar,

I can see actually that was closed as it was over 31 days since the last response so they do auto-close.

I will repost my comment from the last post so users can see it and follow through if they have the same issue:

Are you able to log on to Octopus itself using Okta? Or are you getting the same errors when trying to log on to Octopus via the Octopus UI Okta button?

We have had some issues in the past with Okta and certain browsers, Firefox and Chrome seem to be the main culprits. I was wondering if you could try running the test using Edge at all? (is this what you meant by ‘Same user login is working fine when test on local browser’)

I know you said you tried following our documentation and you mentioned you use HTTPS but did you check that cookies were enabled on your browsers? Some organisations disabled certain ones via group policies. Did you also check the time on your servers to make sure they all match?

Let me know if using Edge works. The other thing that would be good for troubleshooting here, if you are able to, is getting a HAR file capture of when you are performing this task, as that should show us what calls are being made and erroring out. I have created you a secure link here that you can upload the HAR file to. Let us know when it's been uploaded as we aren't notified.

I look forward to hearing from you,

Kind Regards,

Clare

Uploaded the HAR file.
Datadog just supports Chrome Browser when creating synthetic checks

Hey @Naman.Kumar,

Thank you for the HAR file. This shows there is a logon issue with Okta when bringing back the cookie for Octopus to see and authenticate with. The error message below:

{"ErrorMessage":"There was a problem with your request.","Errors":["User login failed: Missing State Hash Cookie. As a security precaution, Octopus ensures the state object returned from the external identity provider matches what it expected. In this case the Cookie containing the SHA256 hash of the state object is missing from the request."]}}

Suggests there is an issue with the cookie your web browser is passing. As per the documentation from us you linked mainly this section.

  • Are you able to log on to Octopus with Okta?

  • Can you clarify what you mean by 'The same user login is working fine when tested on the local browser.'

I look forward to hearing from you,

Kind Regards,

Clare
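
An added example, not part of the thread and not Octopus, Okta or Datadog code: one way to triage a HAR capture like the one requested above is to list cookies that a host set earlier in the capture but that a later request to the same host did not send back. The sample HAR is constructed, and its hosts, paths and cookie name are placeholders (assumptions), not values from this case.

```python
import json
from urllib.parse import urlsplit

# Constructed HAR fragment (only the fields read below). Hosts, paths and the
# cookie name are placeholders, not values from Octopus, Okta or this thread.
SAMPLE_HAR = json.loads("""
{"log": {"entries": [
  {"request": {"method": "GET", "url": "https://octopus.example.test/start", "cookies": []},
   "response": {"status": 302, "cookies": [
     {"name": "state-hash-placeholder", "value": "abc", "secure": true, "sameSite": "Lax"}]}},
  {"request": {"method": "GET", "url": "https://idp.example.test/authorize", "cookies": []},
   "response": {"status": 200, "cookies": []}},
  {"request": {"method": "POST", "url": "https://octopus.example.test/callback", "cookies": []},
   "response": {"status": 400, "cookies": []}}
]}}
""")


def cookies_not_returned(har):
    """List cookies a host set earlier in the capture that a later request
    to the same host did not send back."""
    jar = {}       # (host, cookie name) -> attributes seen when it was set
    findings = []
    for entry in har["log"]["entries"]:
        req, resp = entry["request"], entry["response"]
        host = urlsplit(req["url"]).hostname
        sent = {c["name"] for c in req.get("cookies", [])}
        for (set_host, name), attrs in jar.items():
            if set_host == host and name not in sent:
                findings.append({"cookie": name, "method": req["method"],
                                 "url": req["url"], "status": resp["status"], **attrs})
        for c in resp.get("cookies", []):
            # sameSite is not written by every exporter, so it may be None.
            jar[(host, c["name"])] = {"secure": c.get("secure"),
                                      "sameSite": c.get("sameSite")}
    return findings


if __name__ == "__main__":
    for finding in cookies_not_returned(SAMPLE_HAR):
        print(finding)
```

The check ignores cookie path, domain scope and expiry, so treat its output as a list of requests to inspect by hand. An export that has had cookies stripped will report every cookie as not returned.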