SAS Viya 3.4 authentication does not work when you use Okta as an external OAuth/OpenID Connect provider. This issue occurs because the SAS Logon Manager request to the OpenID Connect provider does not contain the STATE parameter. SAS Logon Manager in SAS Viya 3.4 does not currently support the STATE parameter when you use external providers.

Workaround

If you want to continue to use Okta before the fix is available in a future release of SAS Viya, you can switch from using OAuth/OpenID Connect to using SAML. For more information, see the SAML Application Setup Overview section of the Okta documentation.

A fix for this issue is planned for a future software release.

Additional Information

For more information about the STATE parameter, see the following resources:

• The STATE parameter is not a required part of the authentication request according to the OpenID Connect specification. For more details, see the "3.1.2.1. Authentication Request" section of OpenID Connect Core 1.0 incorporating errata set 1.
• For more information about the OAuth 2.0 STATE parameter from the Okta provider, see the OpenID Connect & OAuth 2.0 API documentation.

Operating System and Release Information

Product Family	Product	System	Product Release		SAS Release
			Reported	Fixed*	Reported	Fixed*
SAS System	SAS Viya	Linux for x64	3.4	3.4		Viya

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

---

An update for this issue is available for SAS Viya 3.4. For instructions on how to access and apply software updates, see the Updating Your SAS Viya software section in the SAS Viya 3.4 for Linux Deployment Guide at

http://documentation.sas.com/?softwareId=administration&softwareVersion=3.4&softwareContextId=softwareUpdates

---

An update for this issue is available for SAS Viya 3.4. For instructions on how to access and apply software updates, see the Updating Your SAS Viya software section in the SAS Viya 3.4 for Windows Deployment Guide at

http://documentation.sas.com/?softwareId=administration&softwareVersion=3.4&softwareContextId=softwareUpdatesWin

---

Viya on Windows: An update for this issue is available for SAS Viya 3.4. For instructions on how to access and apply software updates, see the Updating Your SAS Viya software section in the SAS Viya 3.4 for Windows Deployment Guide at

http://documentation.sas.com/?softwareId=administration&softwareVersion=3.4&softwareContextId=softwareUpdatesWin

---

Viya on Linux: An update for this issue is available for SAS Viya 3.4. For instructions on how to access and apply software updates, see the Updating Your SAS Viya software section in the SAS Viya 3.4 for Linux Deployment Guide at

http://documentation.sas.com/?softwareId=administration&softwareVersion=3.4&softwareContextId=softwareUpdates

---

SAS Viya 3.4 authentication does not work when you use Okta as an external OAuth/OpenID Connect provider. This issue occurs because of the missing STATE parameter on the request from SAS® Logon Manager to the OpenID Connect Provider.

Type:	Problem Note
Priority:	medium

Date Modified:	2019-09-05 10:39:44
Date Created:	2019-08-13 10:43:44