BIG-IP APM OAuth Client: state parameters do not match

Question

Hi,I have BIG-IP APM installed , it is a simple Virtual Server with Access policy for OAuth Client/ Resouce server integrated with Okta. When I try to access a recource on the server it redirects me Okta and gets the access code but when connects to F5 APM again it Deny's the access and through following error.Common/XXXOktaAP:Common:541531e8:/Common/XXXOktaAP_act_oauth_client_ag: OAuth Client: 'state' parameters do not match (expected=5XYrM28-OiGYD4UOwPf40gA, received=5xyrm28-oigyd4uowpf40ga) for server '/Common/XXXOktaServer' (client_id=0oa5rwhe5nmDhoiK8697)It looks like iexpected vs received is just letters case sensitive, but I don't see this information anywhere in the communication request/response.When I serched up for in tech docs I found thisOAuth Client: state parameters do not matchThis is an internal APMD error; this error should not occur.What does this mean? any help would be appreciated.ThanksMadhava

madhava · Accepted Answer

Ok found the root cause,&nbsp; problem is on ourside side. This is not a Browser driven environment but an headless client make these calls and it is manipulating the OAuth response to convert into lower case causing this failure.&nbsp;Thanks

Forum Discussion

BIG-IP APM OAuth Client: state parameters do not match

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

BIg-IP DNS Listener question

BIG-IP placement

How to get started with BIG-IP Virtual Edition, BIG-IQ VE or BIG-IP Cloud Edition Trial

F5 101 - BIG-IP Virtual Edition Version

Big-IQ bulk licensing of Big-IP using REST API

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS