I have the following problem. We have two tenants (one for our test environment and one for our production environment). The settings of the tenants are the same; multiple colleagues have verified this and haven’t noticed a difference. The same goes for the settings of the applications.
On our test environment it is working OK. We get an auth0 and an auth0-mf cookie and when we refresh or go to another application everything is fine.
In our production environment this is not working. When you log in you get the auth0 cookie (but no auth0-mf cookie). When you refresh or go to another application, the silent login fails because MFA is required.
Any ideas/hints where to look for the cause of the problem, or solution suggestions?
I would be happy to look into this for you.
I have a few requests to help clarify some things:
- Are you using the same application (exact same code) for each?
- Can you please send me the name of each tenant in a DM?
- If you have time, please record a HAR file of each transaction and send it via DM.
Thanks for the reply. A colleague told me we could also open a ticket and one of your colleagues helped me out there. I indeed provided him with the HAR files. I should have mentioned it over here.
We missed one difference between the tenants and it was in the Rules section where we had
allowRememberBrowser: false on the production environment and
allowRememberBrowser: true on the test environment.
We switched to the solution provided by https://github.com/auth0/rules/blob/master/src/rules/require-mfa-once-per-session.js to solve our problem.
Glad you found a solution, Paul!
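The behaviour reported in this thread, as an added example that is not code from the thread, the poster's tenant or the linked repository: a rule that sets `allowRememberBrowser: false` on every transaction also demands MFA during silent authentication, while a once-per-session check skips the prompt when the session has already completed MFA. The `mfaRequired` harness, the sample contexts and the use of `context.authentication.methods` entries named `mfa` are assumptions constructed for illustration.

```javascript
// Added example: simulates how two Auth0-style rules treat a first login and a
// later silent authentication. All contexts below are constructed sample data.

// "Before": MFA is demanded on every transaction; the browser is never remembered.
function alwaysRequireMfa(user, context, callback) {
  context.multifactor = { provider: 'any', allowRememberBrowser: false };
  callback(null, user, context);
}

// "After": skip the prompt when this session has already completed MFA.
function requireMfaOncePerSession(user, context, callback) {
  const methods =
    context.authentication && Array.isArray(context.authentication.methods)
      ? context.authentication.methods
      : [];
  if (methods.some((m) => m.name === 'mfa')) {
    return callback(null, user, context);
  }
  context.multifactor = { provider: 'any', allowRememberBrowser: false };
  callback(null, user, context);
}

// Hypothetical harness: runs a rule and reports whether MFA would be prompted.
function mfaRequired(rule, context) {
  let required = false;
  rule({ user_id: 'constructed|user' }, context, (err, _user, ctx) => {
    if (err) throw err;
    required = Boolean(ctx.multifactor);
  });
  return required;
}

// Constructed contexts: an interactive login, then a silent one in the same session.
const firstLogin = () => ({ authentication: { methods: [{ name: 'pwd' }] } });
const silentAuth = () => ({
  authentication: { methods: [{ name: 'pwd' }, { name: 'mfa' }] },
});

// Returns [firstLoginPrompted, silentAuthPrompted] for each rule.
function compareRules() {
  const run = (rule) => [mfaRequired(rule, firstLogin()), mfaRequired(rule, silentAuth())];
  return { always: run(alwaysRequireMfa), oncePerSession: run(requireMfaOncePerSession) };
}

console.log(compareRules());
```

A silent authentication cannot show an MFA prompt, so a `true` in the second position corresponds to the failure described in the first post.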