[IdP] Intermittent error accessing OKTA enabled app-The file '/IdP/Home.aspx' doesn't exist

Forge Component
(43)
Published on 5 Jun by Leonardo Fernandes
43 votes
Published on 5 Jun by Leonardo Fernandes

We are using the IDP module to authenticate application over OKTA. From the last 2 weeks, we are experiencing an intermittent error, mostly the first time when the user logs into the application. Immediately after the OKTA login page, the user gets an error - "The page cannot be found. Please make sure you typed the URL correctly" (Page URL - https://<outsystem tenant url>/IdP/CustomHandlers/notfound.aspx?)

If the user uses the same browser session and hit the URL again, everything works just fine and this time application skips the authentication page.

Also, the application works on all other browsers just fine. It is really weird and there is not much we can see in the error logs except for an error on the IDP module:


Please note that we are using IDP version 10 that was upgraded on Outsystems 11 in May 2020, however this issue was observed more recently across all platforms(DEV, UAT, PROD).

Stake trace -

The file '/IdP/Home.aspx' does not exist.
at System.Web.UI.Util.CheckVirtualFileExists(VirtualPath virtualPath)
at System.Web.Compilation.BuildManager.GetVPathBuildResultInternal(VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate)
at System.Web.Compilation.BuildManager.GetVPathBuildResultWithNoAssert(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate)
at System.Web.Compilation.BuildManager.GetVirtualPathObjectFactory(VirtualPath virtualPath, HttpContext context, Boolean allowCrossApp, Boolean throwIfNotFound)
at System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath virtualPath, Type requiredBaseType, HttpContext context, Boolean allowCrossApp)
at System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context, String requestType, VirtualPath virtualPath, String physicalPath)
at System.Web.HttpApplication.MaterializeHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Hello Nikhil Singh,

That specific error happens when someone tries to access a screen that no longer exists (or never did). In the case of IdP, that screen or Entry Point no longer exists.


Can you confirm that the users are not using any old bookmarks and that there is nothing on the Idp Configuration that is redirecting to the Idp/Home.aspx or in the Okta configuration?

e.g: check the value of those settings

Regards,

Hi João Barata,


Thanks for your reply.

I confirm that users are not using any old bookmarks.

Interestingly, it happens with the first access every day for any user. Also, after error, if the user tries again to the same browse session, all subsequent requests work fine. It happens in all environments(DEV, QA, Production).


We have checked IDP configuration and OKTA side, there has not been any change in configuration. We have checked OKTA logs, and it is clean. When I check fiddler trace, it looks like the IDP module fails to redirect from IDP/sso.aspx to the ‘application destination URL’ instead it gets redirected to IDP/home.aspx.


I have debugged the IDP module and found that it happens when user token value change. It looks like at one point Session.DestinationURL is set to the default value “Home”.


The sequence of authentication flow in IDP:

Login screen - AUth>IDP>Preparation - User_check.UserID – 1235652

RegisterUserSession server action - AUth>IDP>Preparation - SessionIdex "idc76e56e5ad1b4b2c8b04433c4b3d1771"

Assign URL - Session.DestinationURL - Home.aspx


After session establish it redirects to the correct destination url- Session.DestinationURL = "https://<outsystems tenant>/<appname>/Home.aspx"

URL action - "https://jll-dev.outsystemsenterprise.com/inFormed/Home.aspx"


The issue seems to be here:

URL = If(SAML_Response_Process.RelayState <> "",  SAML_Response_Process.RelayState, Session.DestinationURL)


When I checked in code, I could see a Site property called “EntryName” = “Home” which used in

AUth>IDP>Preparation – Lebal Set Default Destination -


If(Session.DestinationURL="",GetEntryURL(Site.EntryName,Session.eSpaceName),Session.DestinationURL)