
I have an Identity Server 4 configured with OpenIdConnect to Azure AD.

When user clicks on login button, IS4 redirects to Azure AD and on callback to IS4, it shows this error:

[screenshot of the error]

This is how I request token from postman:

[screenshot of the Postman request]

Note that the callback URL is in mobile-application format.

This is my configuration:

// Needed using directives (at the top of the file):
// using IdentityServer4;
// using Microsoft.AspNetCore.Authentication.Cookies;
// using Microsoft.IdentityModel.Protocols.OpenIdConnect;
// using Microsoft.IdentityModel.Tokens;
services.AddAuthentication()
        .AddCookie(options =>
        {
            // Configure the options instance that is passed in. Returning a new
            // CookieAuthenticationOptions from the lambda compiles, but the
            // object is discarded and none of these settings take effect.
            options.ExpireTimeSpan = TimeSpan.FromHours(12);
            options.SlidingExpiration = false;
            options.Cookie.Path = "";
            options.Cookie.Name = "MyCookie";
        })
        .AddOpenIdConnect(options =>
        {
            options.ClientId = configuration["OpenIdConnect:ClientId"];
            options.Authority = configuration["OpenIdConnect:Authority"];
            options.SignedOutRedirectUri = configuration["OpenIdConnect:PostLogoutRedirectUri"];
            options.CallbackPath = configuration["OpenIdConnect:CallbackPath"];
            options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
            options.Resource = configuration["OpenIdConnect:Resource"];
            options.ClientSecret = configuration["OpenIdConnect:ClientSecret"];
            options.SaveTokens = true;
            options.RequireHttpsMetadata = false;

            options.TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name",
                RoleClaimType = "role"
            };
            // Sign the external identity into IS4's external cookie, not "MyCookie".
            options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
        });

And these are my parameters:

{
  "OpenIdConnect": {
    "ClientId": "xxxxxxxxxx",
    "Authority": "https://login.microsoftonline.com/xxxxxxxxxx/",
    "PostLogoutRedirectUri": "https://uri-of-my-identity-server.azurewebsites.net",
    "CallbackPath": "/signin-oidc",
    "ResponseType": "code id_token",
    "Resource": "https://graph.microsoft.com/",
    "ClientSecret": "my-secret"
  }
}

[screenshot]

Note: this error only occurs in the Azure environment (not locally).

Note: in the Xamarin application, when Azure returns to the IS4 consent screen, it shows this message:

[screenshot of the message]

Sergio
  • You can try changing the CallbackPath to `/signin-oidc-aad`, and modify the AAD application redirect URL to `https://uri-of-my-identity-server.azurewebsites.net/signin-oidc-aad` – Nan Yu Jan 15 '20 at 08:02
  • @NanYu I configured new url (with -aad string) on my IS4 parameters and Azure AD configuration but I got the same error – Sergio Jan 15 '20 at 10:50
  • Where is the code for the AuthenticationController callback? – johnny 5 Jan 21 '20 at 21:23
  • Have you tried this: https://stackoverflow.com/questions/49280220/identityserver4-correlation-failed-error-with-external-provider – Sandy Jan 23 '20 at 05:09

1 Answer


It could be that there is an issue with the networking between your client and Azure. A certain port has not been opened or a load balancer is in between.

When decryption fails, state is null, thus resulting in a "Correlation failed: state not found" error. In our case, decryption failed because different keys were used for encryption/decryption, a pretty common problem when deploying behind a load balancer.
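An added example (not code from the question, the answer, or IdentityServer4) that reproduces the failure mode the answer describes using the ASP.NET Core Data Protection stack outside of a web host. The OpenID Connect handler protects its `state` parameter and correlation cookie with an `IDataProtector` from the same stack, so a value written under one key ring and read under another fails the same way the correlation check does. The example assumes the `Microsoft.AspNetCore.DataProtection.Extensions` package is referenced; the key-ring directories under the temp folder, the application name `is4-demo` and the purpose string are constructed for the demo. The first pair of providers (separate key rings) cannot round-trip the payload; the second pair (one shared, persisted key ring) can.

```csharp
// Added example: demonstrates why two instances with separate Data Protection
// key rings cannot read each other's protected payloads, and why a shared,
// persisted key ring fixes it. Not part of the original question or answer.
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

class CorrelationKeyDemo
{
    // Purpose string constructed for the demo; the OIDC handler uses its own purposes.
    const string Purpose = "demo.correlation";

    // Protects a payload with providerA and tries to read it back with providerB.
    // Returns false when providerB's key ring does not contain the key id that
    // providerA embedded in the payload (the "different keys" case).
    static bool CanRoundTrip(IDataProtectionProvider providerA,
                             IDataProtectionProvider providerB,
                             string payload)
    {
        string protectedPayload = providerA.CreateProtector(Purpose).Protect(payload);
        try
        {
            return providerB.CreateProtector(Purpose).Unprotect(protectedPayload) == payload;
        }
        catch (CryptographicException)
        {
            // Thrown when the key id is unknown to providerB or the payload is tampered.
            return false;
        }
    }

    static void Main()
    {
        // Constructed, throw-away key-ring locations for the demo.
        string root = Path.Combine(Path.GetTempPath(), "dp-demo-" + Guid.NewGuid().ToString("N"));
        var ringA  = Directory.CreateDirectory(Path.Combine(root, "instance-a"));
        var ringB  = Directory.CreateDirectory(Path.Combine(root, "instance-b"));
        var shared = Directory.CreateDirectory(Path.Combine(root, "shared"));

        // Case 1: two nodes that each generated their own keys (the situation the
        // answer describes behind a load balancer). Same application name, but the
        // key rings are disjoint, so node B cannot decrypt what node A wrote.
        var nodeA = DataProtectionProvider.Create(ringA, o => o.SetApplicationName("is4-demo"));
        var nodeB = DataProtectionProvider.Create(ringB, o => o.SetApplicationName("is4-demo"));
        Console.WriteLine("separate key rings round-trip: " + CanRoundTrip(nodeA, nodeB, "state=abc123"));

        // Case 2: both nodes persist keys to one shared location under one
        // application name, which is what the fix looks like in production.
        var sharedA = DataProtectionProvider.Create(shared, o => o.SetApplicationName("is4-demo"));
        var sharedB = DataProtectionProvider.Create(shared, o => o.SetApplicationName("is4-demo"));
        Console.WriteLine("shared key ring round-trip:    " + CanRoundTrip(sharedA, sharedB, "state=abc123"));

        Directory.Delete(root, recursive: true);
    }
}
```

In the IS4 web application itself the equivalent fix is to register Data Protection with a key store every instance can reach and a fixed application name, for example `services.AddDataProtection().PersistKeysToFileSystem(sharedDirectory).SetApplicationName("is4")` (or the Azure Blob/Key Vault persistence packages for App Service), so that the node handling the `/signin-oidc` callback can decrypt the `state` and correlation cookie that a different node issued.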