login.OAuthLogin(missing saved state) - Community version of grafana with OKTA integration

Grafana Configuration
#1

Hi

I’m trying to configure Community edition Grafana(official docker image) with Okta integration.

After doing Okta configuration, Okta authenticates and redirect request to grafana, where I hosted it, But, it shows following error:

login.OAuthLogin(missing saved state)

I’m not using any database for storing sessions. I want to save it on local file only.
In container, I can see sessions folder created: /var/lib/grafana/sessions/ and some files are created.

Few of the configurations I’m setting:
GF_AUTH_ANONYMOUS_ENABLED: “false”
GF_SERVER_ROOT_URL: “https://”
GF_AUTH_OAUTH_AUTO_LOGIN: “true”
GF_AUTH_GENERIC_OAUTH_NAME: “Okta”
GF_AUTH_GENERIC_OAUTH_ENABLED: “true”
GF_AUTH_GENERIC_OAUTH_SCOPES: “groups”
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: “my_client_id”
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: “some_secret”
GF_AUTH_GENERIC_OAUTH_AUTH_URL: “url”
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: “url”
GF_AUTH_GENERIC_OAUTH_API_URL: “url”
GF_SESSION_COOKIE_SECURE: “true”

Please suggest.

#2
#3

I followed everything from there. But, got the issue which I reported.

App is going to Okta for authenticating. Okta sends back to Grafana app. Then issue comes up.

#4

Why did you use groups scope? Check logs, pls.

#5

Other scopes were not working.

Logs:
t=2019-10-01T03:51:19+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/ status=302 remote_addr=10.51.65.210 time_ms=2 size=29 referer=

t=2019-10-01T03:51:19+0000 lvl=info msg=“OAuth auto login enabled. Redirecting to /login/generic_oauth”

t=2019-10-01T03:51:19+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login status=307 remote_addr=10.51.65.210 time_ms=3 size=56 referer=

t=2019-10-01T03:51:20+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=302 remote_addr=10.51.65.210 time_ms=1 size=296 referer=

t=2019-10-01T03:51:21+0000 lvl=eror msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=500 remote_addr=10.51.65.210 time_ms=2 size=1742 referer=

t=2019-10-01T03:51:23+0000 lvl=eror msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=500 remote_addr=10.51.65.210 time_ms=2 size=1742 referer=

t=2019-10-01T03:51:39+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/ status=302 remote_addr=10.51.65.210 time_ms=0 size=29 referer=

t=2019-10-01T03:51:40+0000 lvl=info msg=“OAuth auto login enabled. Redirecting to /login/generic_oauth”

t=2019-10-01T03:51:40+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login status=307 remote_addr=10.51.65.210 time_ms=2 size=56 referer=

t=2019-10-01T03:51:40+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=302 remote_addr=10.51.65.210 time_ms=0 size=296 referer=

t=2019-10-01T03:51:41+0000 lvl=eror msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=500 remote_addr=10.51.65.210 time_ms=1 size=1742 referer=

t=2019-10-01T03:52:00+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/ status=302 remote_addr=10.51.65.210 time_ms=1 size=29 referer=

t=2019-10-01T03:52:01+0000 lvl=info msg=“OAuth auto login enabled. Redirecting to /login/generic_oauth”

t=2019-10-01T03:52:01+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login status=307 remote_addr=10.51.65.210 time_ms=2 size=56 referer=

t=2019-10-01T03:52:01+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=302 remote_addr=10.51.65.210 time_ms=1 size=296 referer=

t=2019-10-01T03:52:01+0000 lvl=eror msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=500 remote_addr=10.51.65.210 time_ms=0 size=1742 referer=

#6

Hey,

I have the same issue but just with Okta, what should I add in my config to fix this :

[auth]
disable_login_form = true
oauth_auto_login = true
login_cookie_name = grafana_session
oauth_state_cookie_max_age = 60
[security]
cookie_secure = true
cookie_httponly = true
cookie_samesite = strict

Any help would be appreciated.

Thanks.