
In ASP.NET Core 2.1, why is SSO (using OpenID Connect) not working with 2 pods? It works fine with one pod


I am asking this question here after doing quite a lot of research on the OpenID Connect mechanism, including authentication DLLs, sessions and cookies in .NET Core. I hope experts like you will be able to help me out with my long-pending issue.

I am unable to log in to the application and get the exceptions below when I run my application with more than one pod. With a single pod it works fine.

Exception: The oauth state was missing or invalid. (Unknown location)

Exception: An error was encountered while handling the remote login.

I am using ASP.NET Core 2.1 in Visual Studio 2017 and have implemented SSO using the OpenID Connect mechanism, with Ping as the identity provider.

The application is deployed in an ICP (IBM Cloud) environment and uses Kubernetes to create pods.

After getting the exception, if I keep the browser open without clicking, the exception changes to:

Exception: OAuth Token Endpoint Failure: Status:BadRequestHeader

I tried a few things, like enabling SQL Server session state for the application (considering it is a distributed session scenario and the session values could be unavailable on the other pod), SameSite configuration in the Startup file, implementing an ITicketStore session store and a few others, but no luck.


Solution

  • Have you configured the Data Protection API in each pod?

    Your session cookie issued by ASP.NET Core is encrypted using the Data Protection API.

    For the cookie from one pod to be consumable by the other pod, both pods need to be configured with the same key.

    The key used to sign the cookie is stored in a key ring. If you redeploy your application and haven't configured it correctly, a new encryption key will be issued for each service.

    If the key that was used to encrypt the cookie can't be found, the existing session cookies in all clients' browsers can't be decrypted anymore.

    See this article about this API and this article about how to configure it.
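As an added example (not code from the question or the answer above), here is an ASP.NET Core 2.1 `Startup.ConfigureServices` that shares one Data Protection key ring across all pods, so a correlation cookie or protected OIDC `state` issued by one pod can be unprotected by another. It assumes `/var/keys` is a Kubernetes volume (ReadWriteMany if pods run on different nodes) mounted into every pod, and that the application name, authority, client id and secret are placeholders.

```csharp
// Added example, not the project's own code. Assumptions: /var/keys is a volume
// shared by every pod; "my-sso-app" and the OIDC values below are placeholders.
using System.IO;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Default behaviour (the failing setup): each pod generates its own key ring
        // in its ephemeral home directory. A pod that did not create the key cannot
        // unprotect the OIDC correlation cookie or the protected "state" parameter
        // that another pod issued, which is what "The oauth state was missing or
        // invalid" reports when the callback lands on a different pod.
        //
        // Fix: persist keys where every pod can read them, and give all pods the
        // same application name so their protectors derive identical purposes.
        services.AddDataProtection()
            .SetApplicationName("my-sso-app")                         // placeholder
            .PersistKeysToFileSystem(new DirectoryInfo("/var/keys")); // shared volume
        // For keys at rest on the shared volume, also consider
        // .ProtectKeysWithCertificate(cert) with a certificate mounted from a Secret.

        services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddOpenIdConnect(options =>
            {
                // Placeholder values; take the real ones from the Ping configuration.
                options.Authority = "https://idp.example.com";
                options.ClientId = "client-id-placeholder";
                options.ClientSecret = "client-secret-placeholder";
                options.ResponseType = "code";
                options.SaveTokens = true;
            });

        services.AddMvc();
    }
}
```

A quick check after deploying: every pod should list the same `key-*.xml` files under `/var/keys`, and a login started on one pod should complete on another without the state error.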