Correlation failed - cookie not found

[mjaber]

Hello
this is our first Ids4 production server.

we have been in the issue for 2 weeks without any progress. i found lots of slimier articles but none of them helped us.

Note :

• if the client and the sso were on the same server the application with run perfectly.
• should we install a certificate on the localhost?

thanks in advance

**### Environment **
Client : https://localhost:9002
Server : https://sso.domain.com (After F5 load balancer)

### Server Config

var cert = new X509Certificate2(Path.Combine(".", "certs", "sso.domain.com.pfx"),"111"); var builder = services.AddIdentityServer(options => { }).AddSigningCredential(cert) .AddInMemoryIdentityResources(identityResourceList) .AddInMemoryApiResources(apiResourceList) .AddInMemoryClients(clientList) .AddCustomUserStore();

### Client Config
` Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;

        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = "oidc";
        })
            .AddCookie("Cookies")
            .AddOpenIdConnect("oidc", options =>
            {
                options.Authority = "https://sso.domain.com";
                options.RequireHttpsMetadata = false;

                options.ResponseType = "code id_token";
                options.ClientId = _configuration["ClientId"];
                options.ClientSecret =  "MyPassword";
                options.SaveTokens = true;
               

                options.Scope.Add("offline_access");

                options.BackchannelHttpHandler = new HttpClientHandler()
                {
                    UseProxy = false
                };
            });`

---

info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/2.0 POST https://localhost:9002/signin-oidc application/x-www-form-urlencoded 1574
warn: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[15]
'.AspNetCore.Correlation.oidc.4_iXFwzy8YJc9U6coPPRg_WPY_if6hVCNQxaEfVRoNE' cookie not found.
info: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[4]
Error from RemoteAuthentication: Correlation failed..
fail: Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware[1]
An unhandled exception has occurred while executing the request.
System.Exception: An error was encountered while handling the remote login. ---> System.Exception: Correlation failed.
--- End of inner exception stack trace ---
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]

[leastprivilege]

This error happens on the client and typically means that the correlation cookie is not set - or for some reasons has not been sent.

You need to check your network traces if you can find a reason why the cookie got "lost".

[mjaber]

solved by removing app.UseCookiePolicy(); from client startup

#3788 aspnet/Security#1755 (comment)

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.