Cato EmployeeHi Noaki san,
Can I check if you have reach out to OKTA to check further on this matter?
Thank you.
Hi michaelsaw,
No, I have not contacted Okta yet.
Since this issue remains unresolved, I set up an Okta Developer environment again for further testing. (It seems that Okta authentication policies are not the cause.)
When attempting to log in to the VPN from the Cato Client, the following error occurs:
Error Message: "400 Bad Request"
Identity Provider: Unknown, Error Code: login_required
However, if I first log in to the Okta Dashboard via "Go to Homepage" and then retry the VPN login from the Cato Client, SSO succeeds, and the status shows "Connected."
It may be related to the IdP token, but we have not been able to identify the exact cause yet.
Here are the current Cato SSO settings:
- Allow login with Single Sign-On: Enabled
- Sign in with Windows credentials: Enabled (User selection)
- Token validity: Always Prompt
- Force re-authenticate after: 1 Day
I would appreciate your advice on any settings that should be reviewed or potential causes.
Best regards,
Cato EmployeeHi Naoki san,
Appreciate your efforts.
Just to check, have you seen this KB from OKTA on the 400 error? https://support.okta.com/help/s/article/error-400-bad-request-when-redirecting-to-the-authorize-endpoint-with-no-error-description?language=en_US
There is a OKTA SSO KB from Cato.
Can I check if you have reviewed this KB previously? https://support.catonetworks.com/hc/en-us/articles/11000926259613-Configuring-Okta-SSO-for-Your-Account
Thank you.
Hi michaelsaw,
Thanks for your reply.
I have checked the KB for both Okta and Cato.
The client_id values are exactly the same for both Okta and Cato.
I have no idea what is causing the problem.
Cato EmployeeHI Naoki-san,
As the error 400 is sent from OKTA.
A ticket with OKTA support would be beneficial to understand the details and resolve the issue.
Thank you.
