Grafana Azure ad oauth (missing saved state)

Hi does someone know what might be causing the (missing saved state) error on every first login in Grafana?

My root_url is set properly and i’ve set my cookie_samesite = lax or none but the error stll persist.

It can be:

  • wrong Grafana configuration
  • wrong IdP (OIDC client) configuration
  • wrong browser configuration

And nobody will be able to help you, because you have provided only error description without any details about used configuration. I would recommend to focus more on the question - especially Help others reproduce the problem.

thank you for replying @jangaraj.
I’m using latest chrome browser and safari to test.

Here is my grafana.ini configuration

grafana.ini: |
# Protocol (http or https)
protocol = https
# The ip address to bind to, empty will bind to all interfaces
;http_addr =
# The http port to use
http_port = 3000
# The public facing domain name used to access grafana from a browser
domain = IP
# Redirect to correct domain if host header does not match domain
# Prevents DNS rebinding attacks
enforce_domain = true
# The full public facing url you use in browser, used for redirects and emails
# If you use reverse proxy and sub path specify full url (with sub path)
root_url = https://ip
# Log web requests
;router_logging = false
# the path relative working path
;static_root_path = public
# enable gzip
;enable_gzip = false
# https certs & key file
cert_file = /etc/grafana/certs/grafana.crt
cert_key = /etc/grafana/certs/grafana.key

# Set to true to disable (hide) the login form, useful if you use OAuth
disable_login_form = true

name = Microsoft
enabled = true
allow_sign_up = true
client_id = <clientID>
client_secret = <clientSecret>
scopes = openid email name
auth_url =<tenantID>/oauth2/authorize
token_url =<tenantID>/oauth2/token
api_url =
team_ids =
allowed_organizations =
tls_skip_verify_insecure = true
signout_redirect_url =<tenantID>/oauth2/logout?post_logout_redirect_uri=https://ip

# disable user signup / registration
allow_sign_up = false
# Set to true to automatically assign new users to the default organization (id 1)
auto_assign_org = true
# Default role new users will be automatically assigned (if auto_assign_org above is set to true)
auto_assign_org_role = Admin
auto_assign_org_id = 1

disable_initial_admin_creation = true
# set cookie SameSite attribute. defaults to `lax`. can be set to "lax", "strict", "none" and "disabled"
cookie_samesite = lax
cookie_secure = true
login_remember_days = 30

What is your logic behind: cookie_samesite = disabled?
Please enable debug logs and provide Grafana logs/Chrome browser console errors/Chrome logs of used urls (some IDP errors are in the get parameters).

BTW: Please format your post properly - make it easier for community to read, when you want free help.

cookie_samesite is actually lax.

Here is the chrome logs that I’m encountering. It says 500 internal server error. but when i try to re-login no user input needed i’m automaticlly in Grafana dashboards.

I’m repeating again:

Your logs doesn’t show any error 500, which you have in the browser. What is the point of showing logs without that error?

Please provide all details in one go instead of ping ponging and rerequesting details again and again.

The 500 error is in the last line. This is all of the logs