We're currently using Okta for SSO for our IIS web app and it seems to work fine 99% of the time. However, there is a single user who, when attempting to log in, gets this exception about a missing nonce. I've tried reducing all of the variables as much as possible, and I've gotten to the point where two users are trying to log in to the same application with the same Okta credentials from the same machine and using the same browser (default Chrome freshly installed with no plugins or browsing history). The only differences are where they are RDP'd into the machine from and which Windows domain account they're logged in as. Neither of these seems like it should make any difference whatsoever.
However, one user successfully logs in and the other gets this obtuse Exception about a missing nonce.
I've seen several other questions regarding solving this error (IDX21323), and I'm not seeing any actual solutions or explanations that make sense. I've tried a couple of hacks like adding in a new challenge when authentication fails and the auth failed notification exception contains the text "IDX21323", but it doesn't have any effect.
I don't understand the problem well enough to ask a more detailed question because I can't, for the life of me, understand how it could be happening in one case but not the other. I'm not even sure what to investigate at this point.