The Correlation error occurs after the redirect to /signin-oidc of our MvcClient.
We tried Microsoft Edge, Firefox and Chrome. For now only Chrome seems to cause the error.
The MVC client's log shows:
```
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 POST http://mvcclient/signin-oidc application/x-www-form-urlencoded 1579
warn: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware[15]
'.AspNetCore.Correlation.oidc.ADblIkZ7gYxFkMUY59txNnITmXP2MmdyHK0gNSqHqAg' cookie not found.
info: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware[4]
Error from RemoteAuthentication: Correlation failed..
fail: Microsoft.AspNetCore.Server.Kestrel[13]
Connection id "0HL5I6OK2VVQF": An unhandled exception was thrown by the application.
System.AggregateException: Unhandled remote failure. ---> System.Exception: Correlation failed.
--- Einde van intern uitzonderingsstackpad ---
bij Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler1.
--- Einde van stacktracering vanaf vorige locatie waar uitzondering is opgetreden ---
bij System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
bij System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
bij Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler1.<HandleRequestAsync>d__5.MoveNext()
--- Einde van stacktracering vanaf vorige locatie waar uitzondering is opgetreden ---
bij System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
bij System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
bij Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.<HandleRequestAsync>d__15.MoveNext()
--- Einde van stacktracering vanaf vorige locatie waar uitzondering is opgetreden ---
bij System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
bij System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
bij Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.
--- Einde van stacktracering vanaf vorige locatie waar uitzondering is opgetreden ---
bij Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.<Invoke>d__18.MoveNext()
--- Einde van stacktracering vanaf vorige locatie waar uitzondering is opgetreden ---
bij System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
bij System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
bij Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.
--- Einde van stacktracering vanaf vorige locatie waar uitzondering is opgetreden ---
bij Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.<Invoke>d__18.MoveNext()
--- Einde van stacktracering vanaf vorige locatie waar uitzondering is opgetreden ---
bij System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
bij System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
bij Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.<Invoke>d__4.MoveNext()
--- Einde van stacktracering vanaf vorige locatie waar uitzondering is opgetreden ---
bij System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
bij System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
bij Microsoft.AspNetCore.Server.IISIntegration.IISMiddleware.<Invoke>d__8.MoveNext()
--- Einde van stacktracering vanaf vorige locatie waar uitzondering is opgetreden ---
bij System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
bij System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
bij Microsoft.AspNetCore.Hosting.Internal.RequestServicesContainerMiddleware.<Invoke>d__3.MoveNext()
--- Einde van stacktracering vanaf vorige locatie waar uitzondering is opgetreden ---
bij System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
bij System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
bij System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
bij Microsoft.AspNetCore.Server.Kestrel.Internal.Http.Frame1.
---> (Interne uitzondering #0) System.Exception: Correlation failed.<---
```
Can anyone tell me what might be causing this?
This really sounds more like a question for Microsoft, since it's their library.
@jhermsen: The correlation depends on a cookie that is set by the OIDC middleware. Perhaps the cookie is not getting set (or is expiring) before the redirect occurs.
Just FYI if anyone else has this issue. For me, I found that it was caused by running Fiddler while doing development. The URLs used in the browser when using Fiddler look like this: https://localhost.fiddler:port/
This allows your Chrome traffic especially to get out of the localhost sandbox so Fiddler can intercept it for inspection. When it leaves Fiddler it looks like https://localhost:port to the receiving service. So the callback goes to localhost instead of localhost.fiddler. This mismatch caused the issue. I'm assuming with the cookie. We've also seen issues with this in regard to CORS.
We stopped using the localhost.fiddler hostname for this development to avoid the problem. I wish sandboxing wasn't an issue so we could just use localhost again for everything and avoid this problem.
Same issue as here I guess: https://github.com/IdentityServer/IdentityServer4/issues/720
I get it too, without Identity Server, just the standard MS Identity external login. Still unable to solve the issue; the clock is OK and it fails only on iOS products.
FYI for future people who get this error. I caused this issue by changing the default cookie policy settings.
For Google OAuth I was getting "Correlation Failed". For Twitter I was getting "invalid cookie state".
```csharp
app.UseCookiePolicy(new CookiePolicyOptions()
{
    HttpOnly = HttpOnlyPolicy.Always,
    Secure = CookieSecurePolicy.Always,
    MinimumSameSitePolicy = SameSiteMode.Strict
});
```
Based on https://github.com/aspnet/Security/issues/1231 it sounds like me changing SameSite to Strict prevented the browser from sending the .xsrf & __TwitterState cookies when redirecting back from the Google/Twitter social login page.
Taking the UseCookiePolicy code section out of my Startup.cs fixes the issue. I believe I could also change Strict to Lax as an alternate fix.
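The two causes reported in this thread (a hostname mismatch through Fiddler, and `SameSite=Strict`) both come down to whether the browser attaches the correlation cookie to the callback request. The following is an added example, not code from the thread or from ASP.NET Core: a simplified model of that browser decision, with constructed hostnames and hypothetical function names, and with "site" approximated as the last two host labels instead of the Public Suffix List.

```javascript
// Simplified model (added example): would a browser attach the OIDC
// correlation cookie to the callback request? All hosts are constructed.

// Assumption: "site" = last two host labels. Real browsers use the Public Suffix List.
function siteOf(host) {
  return host.split('.').slice(-2).join('.');
}

function willSendCookie(cookie, req) {
  // Host-only cookie: sent back only to the exact host that set it.
  if (req.host !== cookie.host) return false;
  // Secure cookies are never sent over plain HTTP.
  if (cookie.secure && req.scheme !== 'https') return false;
  const crossSite = siteOf(req.initiatorHost) !== siteOf(req.host);
  if (!crossSite) return true;
  switch (cookie.sameSite) {
    case 'Strict': return false; // never on cross-site requests
    case 'Lax':    return req.topLevelNavigation && req.method === 'GET';
    case 'None':   return cookie.secure === true; // None is only honoured with Secure
    default: throw new Error('unknown SameSite value: ' + cookie.sameSite);
  }
}

// The callback as the browser sees it: a top-level navigation initiated
// from the identity provider's site back to the client application.
function callback(method, host = 'app.client.example') {
  return { scheme: 'https', host, method,
           initiatorHost: 'login.idp.example', topLevelNavigation: true };
}

function callbackMatrix() {
  const cookie = (sameSite, host = 'app.client.example') =>
    ({ host, sameSite, secure: true });
  return {
    strictGet: willSendCookie(cookie('Strict'), callback('GET')),
    laxGet:    willSendCookie(cookie('Lax'), callback('GET')),
    laxPost:   willSendCookie(cookie('Lax'), callback('POST')),
    nonePost:  willSendCookie(cookie('None'), callback('POST')),
    // Cookie stored for localhost.fiddler, callback sent to localhost.
    fiddlerHostMismatch:
      willSendCookie(cookie('Lax', 'localhost.fiddler'), callback('GET', 'localhost')),
  };
}

console.log(callbackMatrix());
```

Note the `laxPost` case: the log at the top of this thread shows the callback arriving as a POST to /signin-oidc, and a `Lax` cookie is not attached to a cross-site POST, so relaxing `Strict` to `Lax` only helps when the provider redirects back with a GET.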