Forum Discussion

Naoki's avatar
Naoki
Icon for Making Connections rankMaking Connections
8 months ago

"400 Bad Request" Error Occurs with Okta SSO - Unable to Log in to VPN

I configured SSO authentication with Okta as the IdP for the Cato VPN Client, but when attempting to connect to the VPN, I receive a '400 Bad Request' error and cannot log in. Setup: "Single Sign-O...
access
sdp
michaelsaw's avatar
michaelsaw
Icon for Cato Professional Services rankCato Professional Services
8 months ago

Hi Noaki san, 

Can I check if you have reach out to OKTA to check further on this matter?

Thank you.

Naoki's avatar
Naoki
Icon for Making Connections rankMaking Connections
8 months ago

Hi michaelsaw,

No, I have not contacted Okta yet.

Since this issue remains unresolved, I set up an Okta Developer environment again for further testing. (It seems that Okta authentication policies are not the cause.)

When attempting to log in to the VPN from the Cato Client, the following error occurs:

Error Message: "400 Bad Request"  
Identity Provider: Unknown, Error Code: login_required  

However, if I first log in to the Okta Dashboard via "Go to Homepage" and then retry the VPN login from the Cato Client, SSO succeeds, and the status shows "Connected."

It may be related to the IdP token, but we have not been able to identify the exact cause yet.

Here are the current Cato SSO settings:

- Allow login with Single Sign-On: Enabled  
- Sign in with Windows credentials: Enabled (User selection)  
- Token validity: Always Prompt  
- Force re-authenticate after: 1 Day  

I would appreciate your advice on any settings that should be reviewed or potential causes.

Best regards,