madhava
Jul 21, 2023

BIG-IP APM OAuth Client: state parameters do not match

Hi,

I have BIG-IP APM installed; it is a simple Virtual Server with an Access policy for OAuth Client/Resource Server integrated with Okta. When I try to access a resource on the server, it redirects me to Okta and gets the access code, but when it connects to F5 APM again, it denies the access and throws the following error.

Common/XXXOktaAP:Common:541531e8:/Common/XXXOktaAP_act_oauth_client_ag: OAuth Client: 'state' parameters do not match (expected=5XYrM28-OiGYD4UOwPf40gA, received=5xyrm28-oigyd4uowpf40ga) for server '/Common/XXXOktaServer' (client_id=0oa5rwhe5nmDhoiK8697)

It looks like the difference between expected and received is just letter case, but I don't see this information anywhere in the communication request/response.

When I searched the tech docs, I found this:

OAuth Client: state parameters do not match
This is an internal APMD error; this error should not occur.

What does this mean? Any help would be appreciated.

Thanks

Madhava

  • OK, found the root cause: the problem is on our side. This is not a browser-driven environment; a headless client makes these calls, and it is manipulating the OAuth response to convert it into lower case, causing this failure.

    Thanks
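
The failure described in this thread, as an added example that is not part of the original posts and is not F5 or Okta code: a headless client has to carry the callback's `state` back unchanged, and a checker can tell a case-altered value apart from an unrelated one. The callback URL, host name, `code` value and function names are constructed for illustration; the two state values are the ones in the log line above.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Values taken from the log line in the question.
EXPECTED = "5XYrM28-OiGYD4UOwPf40gA"
# Constructed callback URL (hypothetical host, path and code value).
CALLBACK = ("https://app.example.test/callback"
            "?code=CONSTRUCTED-Code-123&state=" + EXPECTED)


def read_callback(location: str) -> dict:
    """Extract code and state from a redirect URL without altering their case."""
    # Only the scheme and host of a URL are case-insensitive. Query values
    # are opaque, so the URL must not be lower-cased before or after parsing.
    query = parse_qs(urlsplit(location).query)
    return {k: v[0] for k, v in query.items() if k in ("code", "state")}


def check_state(expected: str, received: str) -> str:
    """Classify a returned state as 'ok', 'case-altered' or 'mismatch'.

    Only 'ok' may continue the flow. 'case-altered' is still a failure;
    it only points at a client or proxy that normalised the response.
    """
    if hmac.compare_digest(expected.encode(), received.encode()):
        return "ok"
    if hmac.compare_digest(expected.lower().encode(),
                           received.lower().encode()):
        return "case-altered"
    return "mismatch"


if __name__ == "__main__":
    # Correct client: passes the redirect through untouched.
    good = read_callback(CALLBACK)
    print("untouched :", good["state"], check_state(EXPECTED, good["state"]))

    # Client from the thread: lower-cases the OAuth response first.
    bad = read_callback(CALLBACK.lower())
    print("lowercased:", bad["state"], check_state(EXPECTED, bad["state"]))
```
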