"An error with Nouce cookie occured" in Sitecore Single Sign-On
I have implemented Sitecore Single Sign-On using a Custom Identity Provider in my project. This worked fine on-premises, but after I deployed it on AWS the SSO functionality stopped working in Chrome and I got the error below:
Error:
Solution:
After some research, I found that I needed to set the `CookieManager` property on the `oidcOptions` object, as shown in the code below:
/// <summary>
/// Creates the identity provider and keeps the cookie manager that the OIDC
/// middleware options are later built with.
/// </summary>
/// <param name="federatedAuthenticationConfiguration">Forwarded to the base constructor.</param>
/// <param name="cookieManager">Cookie manager forwarded to the base constructor and stored for the OIDC options; must not be null.</param>
/// <param name="settings">Forwarded to the base constructor.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="cookieManager"/> is null.</exception>
public ProjectIdentityProvider(
    FederatedAuthenticationConfiguration federatedAuthenticationConfiguration,
    ICookieManager cookieManager,
    BaseSettings settings)
    : base(federatedAuthenticationConfiguration, cookieManager, settings)
{
    if (cookieManager == null)
    {
        throw new ArgumentNullException(nameof(cookieManager));
    }

    this.cookieManager = cookieManager;
}
/// <summary>
/// Registers the OpenID Connect middleware on the OWIN app builder carried by
/// <paramref name="args"/>, using options produced by <see cref="SetupOidcOptions"/>.
/// </summary>
/// <param name="args">Pipeline arguments exposing the OWIN app builder via <c>App</c>.</param>
protected override void ProcessCore(IdentityProvidersArgs args)
{
    var authenticationType = this.GetAuthenticationType();

    // The sign-in token is only kept when the provider triggers external sign-out.
    var saveSigninToken = this.GetIdentityProvider().TriggerExternalSignOut;

    args.App.UseOpenIdConnectAuthentication(
        this.SetupOidcOptions(authenticationType, saveSigninToken));
}
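/// <summary>
/// Builds the <see cref="OpenIdConnectAuthenticationOptions"/> for the OWIN OIDC middleware:
/// loads the provider's discovery document, wires the notification callbacks and attaches
/// the injected cookie manager (the fix for the nonce-cookie error described in the post).
/// </summary>
/// <param name="authenticationType">Value assigned to <c>AuthenticationType</c> on the options.</param>
/// <param name="saveSigninToken">Copied to <c>TokenValidationParameters.SaveSigninToken</c>.</param>
/// <returns>Populated options ready for <c>UseOpenIdConnectAuthentication</c>.</returns>
public OpenIdConnectAuthenticationOptions SetupOidcOptions(
    string authenticationType,
    bool saveSigninToken)
{
    // TODO(review): the metadata address is a hard-coded dev-environment URL; it should come
    // from configuration next to clientId/authority so other deployments do not trust the wrong issuer.
    IConfigurationManager<OpenIdConnectConfiguration> configurationManager =
        new ConfigurationManager<OpenIdConnectConfiguration>(
            "https://ids-dev.sharepointguild.com/.well-known/openid-configuration",
            new OpenIdConnectConfigurationRetriever());

    // This runs during synchronous OWIN startup, so the discovery fetch has to block here.
    // GetAwaiter().GetResult() surfaces the real exception rather than the AggregateException
    // that .Result would wrap it in.
    OpenIdConnectConfiguration configuration =
        configurationManager.GetConfigurationAsync(CancellationToken.None).GetAwaiter().GetResult();

    var oidcOptions = new OpenIdConnectAuthenticationOptions
    {
        Configuration = configuration,
        AuthenticationType = authenticationType,
        ClientId = clientId,
        ClientSecret = clientSecret,
        // Implicit flow: id_token and access token are returned via the front channel.
        ResponseType = OpenIdConnectResponseType.IdTokenToken,
        RedirectUri = redirectUri,
        PostLogoutRedirectUri = postLogoutRedirectUri,
        Scope = OpenIdConnectScope.OpenIdProfile + " " + OpenIdConnectScope.OfflineAccess,
        SaveTokens = true,
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            RedirectToIdentityProvider = this.RedirectToIdentityProviderAsync,
            SecurityTokenValidated = this.SecurityTokenValidatedAsync,
            AuthenticationFailed = context =>
            {
                // A failure whose message carries the known errorCode is handled here by
                // re-challenging the user; any other failure falls through to the middleware.
                if (context.Exception.Message.Contains(errorCode))
                {
                    context.HandleResponse();
                    context.OwinContext.Authentication.Challenge();
                }

                // Log the exception object itself (keeps the stack trace) with this provider as owner,
                // instead of passing the message text twice.
                Sitecore.Diagnostics.Log.Error(
                    "AuthenticationFailed: " + context.Exception.Message,
                    context.Exception,
                    this);
                return Task.FromResult(true);
            }
        },
        TokenValidationParameters =
        {
            SaveSigninToken = saveSigninToken,
            // SECURITY(review): with ValidateIssuer = false the token's "iss" claim is not checked
            // against the expected issuer. Prefer ValidateIssuer = true with ValidIssuer set to the
            // configured authority unless there is a documented reason to disable it.
            ValidateIssuer = false
        },
        // Makes the middleware read/write its nonce and correlation cookies through the
        // injected cookie manager — the change this post is about.
        CookieManager = cookieManager
    };

    // NOTE(review): this replaces the authorization endpoint from the discovery document
    // with the configured authority value — confirm this is intentional.
    oidcOptions.Configuration.AuthorizationEndpoint = authority;
    return oidcOptions;
}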
I hope this solution is helpful for you as well :)