Auth0-mf cookie not set

pauls · September 27, 2019, 7:00am

Hi there,

I have the following problem. We have two tenants (one for our test environment and one for our production environment). The settings of the tenants are the same, multiple colleagues have verified this and haven’t noticed a difference. The same goes for the setting of the applications.

On our test environment is working ok. We get an auth0 and an auth0-mf cookie and when we refresh or go to another application everything is fine.

In our production enviroment this is not working. When you login you get the auth0 (but no auth0-mf cookie), when you refresh or go to another application. The silent login fails because the mfa is required.

Any ideas/hints where to look for cause of the problem or solution suggestions?

Thanks!

dan.woda · September 27, 2019, 8:59pm

Hi @pauls,

I would be happy to look into this for you.

I have a few requests to help clarify some things:

Are you using the same application (exact same code) for each?
Can you please send me the name of each tenant in a DM ?
If you have time, please record a HAR file of each transaction and send it via DM.

Thanks,
Dan

pauls · October 1, 2019, 11:54am

Hi Dan,
Thanks for the reply. A colleague told me we could also open a ticket and one of your colleagues helped me out there. I indeed provided him with the har-files. I should have mentioned it over here.

We missed one difference between the tenants and it was in the Rules section where we had allowRememberBrowser: false on the production environment and allowRememberBrowser: true on the test environment.

We switched to the solution provided by rules/require-mfa-once-per-session.js at master · auth0/rules · GitHub to solve our problem.

Greetings,

Paul

dan.woda · October 1, 2019, 11:35pm

Glad you found a solution Paul!

Best,
Dan

dan.woda · October 16, 2019, 11:35pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.