Okta 400 Login Failed GENERAL_NONSUCCESS



Description of Issue

Upon sign-in to Okta, the user is presented with the error 400: Bad Request, Error Code: GENERAL_NONSUCCESS.

This error occurs with ADFS integrations.



Context
  • Okta

  • ADFS

  • Expired Certificate 

  • TID-W



Cause
  • The ADFS certificate has expired or is close to expiring.

  • Changes to the ADFS certificate can also trigger this error. ADFS can auto-generate newer certificates. When this happens, the newer certificate is set as the Primary certificate and displaces the older one. The Primary certificate in ADFS is the one Okta looks for.

  • Expired Secret Value in Azure AD.



Resolution
  1. Obtain the new ADFS certificate

    1. Access the ADFS server with an administrative account.

    2. Log in to the ADFS Management Console.

    3. Expand the Service Certificates folder.

    4. In the Certificates pane, right-click the certificate under Token-signing > View Certificate.

    5. Details > Copy to File.

    6. Select Base-64 encoded X.509 (.CER) as the format.

    7. Next > Enter the certificate file name and the location to export it to > Finish.

  2. Contact Tyler Systems Management Support or log a case via the Online Support Client Portal
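
The same check and export can be done from PowerShell on the ADFS server. This is an added example, not part of the original article or any Tyler tooling; the output path and the 30-day warning window are assumed values.

```powershell
# Added example: run in an elevated PowerShell session on the ADFS server.
# $OutFile and $WarnDays are assumptions; adjust them for your environment.
$OutFile  = 'C:\Temp\adfs-token-signing.cer'
$WarnDays = 30

Import-Module ADFS

# Show whether ADFS generates and promotes new certificates on its own
# (the auto-generation behaviour described under Cause).
Get-AdfsProperties |
    Select-Object AutoCertificateRollover, CertificateGenerationThreshold, CertificatePromotionThreshold

# List every token-signing certificate with its Primary flag and validity dates.
$signing = Get-AdfsCertificate -CertificateType Token-Signing
$signing | ForEach-Object {
    [pscustomobject]@{
        IsPrimary  = $_.IsPrimary
        Thumbprint = $_.Thumbprint
        NotBefore  = $_.Certificate.NotBefore
        NotAfter   = $_.Certificate.NotAfter
        DaysLeft   = [int]($_.Certificate.NotAfter - (Get-Date)).TotalDays
    }
} | Format-Table -AutoSize

# The Primary certificate is the one Okta looks for, so that is the one exported.
$primary = $signing | Where-Object IsPrimary | Select-Object -First 1
if (-not $primary) { throw 'No primary token-signing certificate found.' }

$daysLeft = ($primary.Certificate.NotAfter - (Get-Date)).TotalDays
if ($daysLeft -lt 0) {
    Write-Warning "Primary token-signing certificate expired on $($primary.Certificate.NotAfter)."
} elseif ($daysLeft -lt $WarnDays) {
    Write-Warning "Primary token-signing certificate expires in $([int]$daysLeft) days."
}

# Export the public certificate only (no private key) as Base-64 encoded X.509 (.CER).
$der = $primary.Certificate.Export(
    [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$b64 = [System.Convert]::ToBase64String(
    $der, [System.Base64FormattingOptions]::InsertLineBreaks)
$pem = "-----BEGIN CERTIFICATE-----`r`n$b64`r`n-----END CERTIFICATE-----"
Set-Content -Path $OutFile -Value $pem -Encoding Ascii

Write-Output "Exported $($primary.Thumbprint) to $OutFile"
```

Compare the thumbprint printed at the end with the one shown in the ADFS Management Console before sending the file.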



Additional Information

If the ADFS certificate is not public-facing, it will need to be sent securely to Tyler so that it can be updated.

How To Export the Token-signing Certificate From ADFS