Response session state does not have corresponding state or nonce parameters or redirect URL

ES & KB: 7.3.2
While signing into Kibana with the oidc realm, I got the following error out of the blue.

{"statusCode":401,"error":"Unauthorized","message":"Response session state does not have corresponding state or nonce parameters or redirect URL."}

Usually, it keeps on appearing and automatically gets out in a couple of hours, sometimes in a day. Why is this happening?

This means that either:

  • Your Kibana session cookie expired while you were trying to authenticate with OpenID Connect to your OP. I.e. you clicked on Kibana and were redirected to your OP but then stayed there for many hours before actually logging in and getting redirected back to Kibana. ( <- not sure if this is even possible )

  • You used a URL with an OpenID Connect authentication response from your OP, that you copied from another browser or from a previous attempt. As such Kibana is lacking the necessary information to proceed with the authentication and fails the request.

I would expect that this happened only once? If you do get this often, please open a support ticket with your support engineer so that we can actually look at the logs from Kibana and Elasticsearch and see if there is an issue somewhere.
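The two causes described in the answer above can be reproduced with a toy relying party. This is an added example, not part of the original thread and not Kibana's or Elasticsearch's code; the class, the session lifetime, the redirect URL and the message strings are all assumptions made for illustration.

```python
import hmac
import secrets
import time

SESSION_TTL = 3600  # assumed session lifetime in seconds


class RelyingParty:
    """Toy relying party: login state lives server-side, keyed by session cookie."""

    def __init__(self, redirect_uri, now=time.time):
        self.redirect_uri = redirect_uri
        self.now = now
        self.sessions = {}  # cookie -> stored state, nonce, redirect URL, expiry

    def start_login(self):
        """Mint state and nonce and bind them to a fresh session cookie."""
        cookie = secrets.token_urlsafe(16)
        entry = {"state": secrets.token_urlsafe(16),
                 "nonce": secrets.token_urlsafe(16),
                 "redirect_uri": self.redirect_uri,
                 "expires": self.now() + SESSION_TTL}
        self.sessions[cookie] = entry
        return cookie, entry["state"], entry["nonce"]

    def handle_callback(self, cookie, state, id_token_nonce):
        """Check the OP's response against what this browser's session stored."""
        entry = self.sessions.pop(cookie, None)  # single use: replays find nothing
        if entry is None or entry["expires"] < self.now():
            return 401, "no stored state, nonce or redirect URL for this session"
        if not hmac.compare_digest(entry["state"], state):
            return 401, "state mismatch"
        if not hmac.compare_digest(entry["nonce"], id_token_nonce):
            return 401, "nonce mismatch"
        return 200, "authenticated"


def demo():
    """Run the cases from the answer with a fake clock (constructed values)."""
    clock = [0.0]
    rp = RelyingParty("https://rp.example/callback", now=lambda: clock[0])
    out = {}
    cookie, state, nonce = rp.start_login()
    out["fresh"] = rp.handle_callback(cookie, state, nonce)
    out["replayed"] = rp.handle_callback(cookie, state, nonce)  # URL from a previous attempt
    _, state_a, nonce_a = rp.start_login()
    out["other_browser"] = rp.handle_callback(None, state_a, nonce_a)  # copied URL, no cookie
    cookie, state, nonce = rp.start_login()
    clock[0] += SESSION_TTL + 1  # user waited at the OP past session expiry
    out["expired"] = rp.handle_callback(cookie, state, nonce)
    return out


if __name__ == "__main__":
    print(demo())
```
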