SSO Troubleshooting Dashboard

Authentication Error

OpenIdConnectAuthenticationHandler: message.State is null or empty.

Configuration
Authority (IDP)https://ssostaging.mba.org
Client ID76f8ecbd-46e2-4d42-afdf-21d737918aec
Scopesopenid, profile, email, custom
Callback URL https://ssotest.sprintend.com
Ensure this URL is registered with the IDP
Authentication Status: Not Authenticated

Click below to start the SSO login flow and diagnose any issues.

Start SSO Login Test IDP Endpoints (No Auth)
SSO Event Log
Export JSON
RemoteFailure 23:31:28.243 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T23:31:28.2435376Z"
}
MessageReceived 23:31:28.243 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T23:31:28.2434447Z"
}
RemoteFailure 23:11:48.805 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T23:11:48.8055324Z"
}
MessageReceived 23:11:48.805 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T23:11:48.805458Z"
}
RedirectToIdentityProvider 23:05:35.825 
{
  "AuthorizationEndpoint": null,
  "ClientId": "76f8ecbd-46e2-4d42-afdf-21d737918aec",
  "RedirectUri": "https://ssotest.sprintend.com",
  "Scope": "openid profile email custom",
  "ResponseType": "code",
  "State": "72b23e47211e40b6a85aab5361eeccdb",
  "Nonce": "639051519358251539.YTZkOWZjNzEtMWZmYi00ZDkxLWFjOGMtYjYyM2Q4ODU2OGIxM2UwNDY2MTQtODQ2OS00OTE1LTkxMjEtYzFlZDRlZGQwZjBi",
  "FullRequestUrl": "https://ssostaging.mba.org/connect/authorize?client_id=76f8ecbd-46e2-4d42-afdf-21d737918aec\u0026redirect_uri=https%3A%2F%2Fssotest.sprintend.com\u0026response_type=code\u0026scope=openid%20profile%20email%20custom\u0026response_mode=form_post\u0026nonce=639051519358251539.YTZkOWZjNzEtMWZmYi00ZDkxLWFjOGMtYjYyM2Q4ODU2OGIxM2UwNDY2MTQtODQ2OS00OTE1LTkxMjEtYzFlZDRlZGQwZjBi\u0026state=72b23e47211e40b6a85aab5361eeccdb\u0026x-client-SKU=ID_NET9_0\u0026x-client-ver=8.0.1.0"
}
RemoteFailure 23:05:35.375 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T23:05:35.3758138Z"
}
MessageReceived 23:05:35.375 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T23:05:35.3756722Z"
}
RemoteFailure 23:05:11.713 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T23:05:11.7138929Z"
}
MessageReceived 23:05:11.713 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T23:05:11.7138321Z"
}
RemoteFailure 23:04:58.279 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T23:04:58.279227Z"
}
MessageReceived 23:04:58.279 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T23:04:58.2791779Z"
}
RemoteFailure 23:04:58.034 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T23:04:58.0347067Z"
}
MessageReceived 23:04:58.034 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T23:04:58.0346493Z"
}
RemoteFailure 23:02:53.197 
{
  "Error": "Correlation failed.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T23:02:53.1977676Z"
}
MessageReceived 23:02:53.197 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T23:02:53.1974626Z"
}
RemoteFailure 22:59:41.794 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T22:59:41.7949796Z"
}
MessageReceived 22:59:41.794 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:59:41.7949214Z"
}
RemoteFailure 22:59:39.260 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T22:59:39.2607497Z"
}
MessageReceived 22:59:39.260 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:59:39.2606946Z"
}
RemoteFailure 22:58:52.661 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T22:58:52.6619306Z"
}
MessageReceived 22:58:52.661 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:58:52.6618596Z"
}
RedirectToIdentityProvider 22:58:51.900 
{
  "AuthorizationEndpoint": null,
  "ClientId": "76f8ecbd-46e2-4d42-afdf-21d737918aec",
  "RedirectUri": "https://ssotest.sprintend.com",
  "Scope": "openid profile email custom",
  "ResponseType": "code",
  "State": "d0fe28710a0a42eeac36400f7782e01f",
  "Nonce": "639051515319002361.YjRiNTVkMWUtMDc4MS00ZTI3LWFiYTYtOGVmYjAzOGQ0N2JjMjc2OThkMDItZDQyOC00ODU1LTliNmQtYTVjOTdlMzZmZDRm",
  "FullRequestUrl": "https://ssostaging.mba.org/connect/authorize?client_id=76f8ecbd-46e2-4d42-afdf-21d737918aec\u0026redirect_uri=https%3A%2F%2Fssotest.sprintend.com\u0026response_type=code\u0026scope=openid%20profile%20email%20custom\u0026response_mode=form_post\u0026nonce=639051515319002361.YjRiNTVkMWUtMDc4MS00ZTI3LWFiYTYtOGVmYjAzOGQ0N2JjMjc2OThkMDItZDQyOC00ODU1LTliNmQtYTVjOTdlMzZmZDRm\u0026state=d0fe28710a0a42eeac36400f7782e01f\u0026x-client-SKU=ID_NET9_0\u0026x-client-ver=8.0.1.0"
}
RemoteFailure 22:58:51.582 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T22:58:51.5824587Z"
}
MessageReceived 22:58:51.582 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:58:51.5824089Z"
}
RemoteFailure 22:58:27.165 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T22:58:27.1657006Z"
}
MessageReceived 22:58:27.165 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:58:27.1656481Z"
}
RemoteFailure 22:58:15.323 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T22:58:15.3236308Z"
}
MessageReceived 22:58:15.323 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:58:15.3235832Z"
}
RemoteFailure 22:58:14.799 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T22:58:14.7993344Z"
}
MessageReceived 22:58:14.799 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:58:14.7992612Z"
}
AuthenticationFailed 22:56:42.439 
{
  "Error": "Failed to parse token response body as JSON. Status Code: 400. Content-Type: ",
  "ExceptionType": "OpenIdConnectProtocolException",
  "StackTrace": "   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)\r\n   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()",
  "InnerException": "IDX10000: The parameter \u0027json\u0027 cannot be a \u0027null\u0027 or an empty object.  (Parameter \u0027json\u0027)",
  "Timestamp": "2026-01-27T22:56:42.4399478Z"
}
BackchannelResponse 22:56:42.438 
{
  "StatusCode": 400,
  "ReasonPhrase": "",
  "Headers": "Cache-Control: no-cache\r\nPragma: no-cache\r\nTransfer-Encoding: chunked\r\nx-ms-proxy-app-id: acdf266a-1a14-4869-a1a8-692d078c00e6\r\nx-ms-proxy-group-id: a9ae3327-78e1-4558-8b8b-14226c4f38ee\r\nx-ms-proxy-subscription-id: 867e5d11-bde4-499f-b45e-61572f9f337c\r\nx-ms-proxy-transaction-id: e357659a-8251-4888-95b3-1f331606f4f8\r\nx-ms-proxy-service-name: proxy-appproxy-CUS-DSM01P-5\r\nx-ms-proxy-data-center: CUS\r\nx-ms-proxy-connector-id: ded4b5cc-11a8-4aa0-a11f-f19f23e2396e\r\nContent-Security-Policy: upgrade-insecure-requests\r\nReferrer-Policy: same-origin\r\nStrict-Transport-Security: max-age=2592000, max-age=31536000; includeSubDomains\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\nNel: {\u0022report_to\u0022:\u0022network-errors\u0022,\u0022max_age\u0022:86400,\u0022success_fraction\u0022:0.001,\u0022failure_fraction\u0022:1.0}\r\nReport-To: {\u0022group\u0022:\u0022network-errors\u0022,\u0022max_age\u0022:86400,\u0022endpoints\u0022:[{\u0022url\u0022:\u0022https://ffde.nelreports.net/api/report?cat=proxy-appproxy-CUS-DSM01P-5\u0022}]}\r\nDate: Tue, 27 Jan 2026 22:56:41 GMT\r\n",
  "ContentHeaders": "Expires: -1\r\n",
  "Body": "",
  "Timestamp": "2026-01-27T22:56:42.4389759Z"
}
BackchannelRequest 22:56:41.834 
{
  "Method": "POST",
  "Url": "https://ssostaging.mba.org/connect/token",
  "Headers": "User-Agent: Microsoft ASP.NET Core OpenIdConnect handler\r\n",
  "ContentHeaders": "Content-Type: application/x-www-form-urlencoded; charset=utf-8\r\n",
  "Body": "client_id=76f8ecbd-46e2-4d42-afdf-21d737918aec\u0026client_secret=*****REDACTED*****\u0026code=061FB28E1B356639ACB3E76FFCB4765852A99BEC452B1546A26EE3F3F50F141D\u0026grant_type=authorization_code\u0026redirect_uri=https%3A%2F%2Fssotest.sprintend.com",
  "Timestamp": "2026-01-27T22:56:41.8346067Z"
}
AuthorizationCodeReceived 22:56:41.834 
{
  "Code": "061FB28E1B356639ACB3E76FFCB4765852A99BEC452B1546A26EE3F3F50F141D",
  "State": "8b44ca81628945d884b6e71dbf2c202e",
  "TokenRequestRedirectUri": "https://ssotest.sprintend.com",
  "Timestamp": "2026-01-27T22:56:41.8344394Z"
}
MessageReceived 22:56:41.834 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:56:41.8343306Z"
}
RedirectToIdentityProvider 22:56:41.616 
{
  "AuthorizationEndpoint": null,
  "ClientId": "76f8ecbd-46e2-4d42-afdf-21d737918aec",
  "RedirectUri": "https://ssotest.sprintend.com",
  "Scope": "openid profile email custom",
  "ResponseType": "code",
  "State": "8b44ca81628945d884b6e71dbf2c202e",
  "Nonce": "639051514016164519.MmZjYjQ5YzQtZmJiMS00Mjg4LThiOGUtZDE1MTcxZTgwNGVjYmEwYTU0OGEtMjcwNC00Mzk2LTg3OTctMjI1MTY5Nzg0NDhj",
  "FullRequestUrl": "https://ssostaging.mba.org/connect/authorize?client_id=76f8ecbd-46e2-4d42-afdf-21d737918aec\u0026redirect_uri=https%3A%2F%2Fssotest.sprintend.com\u0026response_type=code\u0026scope=openid%20profile%20email%20custom\u0026response_mode=form_post\u0026nonce=639051514016164519.MmZjYjQ5YzQtZmJiMS00Mjg4LThiOGUtZDE1MTcxZTgwNGVjYmEwYTU0OGEtMjcwNC00Mzk2LTg3OTctMjI1MTY5Nzg0NDhj\u0026state=8b44ca81628945d884b6e71dbf2c202e\u0026x-client-SKU=ID_NET9_0\u0026x-client-ver=8.0.1.0"
}
RemoteFailure 22:56:33.269 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T22:56:33.2691435Z"
}
MessageReceived 22:56:33.269 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:56:33.2690102Z"
}
RemoteFailure 22:53:17.861 
{
  "Error": "Correlation failed.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T22:53:17.8618554Z"
}
MessageReceived 22:53:17.861 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:53:17.8616119Z"
}
RemoteFailure 22:51:47.742 
{
  "Error": "Correlation failed.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T22:51:47.7424229Z"
}
MessageReceived 22:51:47.740 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:51:47.7408642Z"
}
AuthenticationFailed 22:49:32.330 
{
  "Error": "Failed to parse token response body as JSON. Status Code: 400. Content-Type: ",
  "ExceptionType": "OpenIdConnectProtocolException",
  "StackTrace": "   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)\r\n   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()",
  "InnerException": "IDX10000: The parameter \u0027json\u0027 cannot be a \u0027null\u0027 or an empty object.  (Parameter \u0027json\u0027)",
  "Timestamp": "2026-01-27T22:49:32.3306492Z"
}
BackchannelResponse 22:49:32.329 
{
  "StatusCode": 400,
  "ReasonPhrase": "",
  "Headers": "Cache-Control: no-cache\r\nPragma: no-cache\r\nTransfer-Encoding: chunked\r\nx-ms-proxy-app-id: acdf266a-1a14-4869-a1a8-692d078c00e6\r\nx-ms-proxy-group-id: a9ae3327-78e1-4558-8b8b-14226c4f38ee\r\nx-ms-proxy-subscription-id: 867e5d11-bde4-499f-b45e-61572f9f337c\r\nx-ms-proxy-transaction-id: 5838c5e9-bd98-40ce-80e2-b41ebb6b1320\r\nx-ms-proxy-service-name: proxy-appproxy-CUS-DSM01P-5\r\nx-ms-proxy-data-center: CUS\r\nx-ms-proxy-connector-id: ded4b5cc-11a8-4aa0-a11f-f19f23e2396e\r\nContent-Security-Policy: upgrade-insecure-requests\r\nReferrer-Policy: same-origin\r\nStrict-Transport-Security: max-age=2592000, max-age=31536000; includeSubDomains\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\nNel: {\u0022report_to\u0022:\u0022network-errors\u0022,\u0022max_age\u0022:86400,\u0022success_fraction\u0022:0.001,\u0022failure_fraction\u0022:1.0}\r\nReport-To: {\u0022group\u0022:\u0022network-errors\u0022,\u0022max_age\u0022:86400,\u0022endpoints\u0022:[{\u0022url\u0022:\u0022https://ffde.nelreports.net/api/report?cat=proxy-appproxy-CUS-DSM01P-5\u0022}]}\r\nDate: Tue, 27 Jan 2026 22:49:32 GMT\r\n",
  "ContentHeaders": "Expires: -1\r\n",
  "Body": "",
  "Timestamp": "2026-01-27T22:49:32.3296324Z"
}
BackchannelRequest 22:49:31.683 
{
  "Method": "POST",
  "Url": "https://ssostaging.mba.org/connect/token",
  "Headers": "User-Agent: Microsoft ASP.NET Core OpenIdConnect handler\r\n",
  "ContentHeaders": "Content-Type: application/x-www-form-urlencoded; charset=utf-8\r\n",
  "Body": "client_id=76f8ecbd-46e2-4d42-afdf-21d737918aec\u0026client_secret=*****REDACTED*****\u0026code=9FF0CEFC776072F116204C2E5110129C7E8D69D7460C0F1B39CC9C1D4D5CC17A\u0026grant_type=authorization_code\u0026redirect_uri=https%3A%2F%2Fssotest.sprintend.com",
  "Timestamp": "2026-01-27T22:49:31.6832565Z"
}
AuthorizationCodeReceived 22:49:31.683 
{
  "Code": "9FF0CEFC776072F116204C2E5110129C7E8D69D7460C0F1B39CC9C1D4D5CC17A",
  "State": "cb5bb9dbe693415eb8dc5ec478416877",
  "TokenRequestRedirectUri": "https://ssotest.sprintend.com",
  "Timestamp": "2026-01-27T22:49:31.6830767Z"
}
MessageReceived 22:49:31.682 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:49:31.6829733Z"
}
RedirectToIdentityProvider 22:49:31.242 
{
  "AuthorizationEndpoint": null,
  "ClientId": "76f8ecbd-46e2-4d42-afdf-21d737918aec",
  "RedirectUri": "https://ssotest.sprintend.com",
  "Scope": "openid profile email custom",
  "ResponseType": "code",
  "State": "cb5bb9dbe693415eb8dc5ec478416877",
  "Nonce": "639051509712423817.MDM5MjQzN2UtZWJlYi00OTJjLTgzZmEtNjg2NTZiZmZlNTg5MGJhMDU1MmEtZTkwMy00OTdhLWFlZjQtZjQ4ZWJhOGM4Njc4",
  "FullRequestUrl": "https://ssostaging.mba.org/connect/authorize?client_id=76f8ecbd-46e2-4d42-afdf-21d737918aec\u0026redirect_uri=https%3A%2F%2Fssotest.sprintend.com\u0026response_type=code\u0026scope=openid%20profile%20email%20custom\u0026response_mode=form_post\u0026nonce=639051509712423817.MDM5MjQzN2UtZWJlYi00OTJjLTgzZmEtNjg2NTZiZmZlNTg5MGJhMDU1MmEtZTkwMy00OTdhLWFlZjQtZjQ4ZWJhOGM4Njc4\u0026state=cb5bb9dbe693415eb8dc5ec478416877\u0026x-client-SKU=ID_NET9_0\u0026x-client-ver=8.0.1.0"
}
AuthenticationFailed 22:46:25.505 
{
  "Error": "Failed to parse token response body as JSON. Status Code: 400. Content-Type: ",
  "ExceptionType": "OpenIdConnectProtocolException",
  "StackTrace": "   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)\r\n   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()",
  "InnerException": "IDX10000: The parameter \u0027json\u0027 cannot be a \u0027null\u0027 or an empty object.  (Parameter \u0027json\u0027)",
  "Timestamp": "2026-01-27T22:46:25.5058343Z"
}
BackchannelResponse 22:46:25.504 
{
  "StatusCode": 400,
  "ReasonPhrase": "Bad Request",
  "Headers": "Cache-Control: no-cache\r\nPragma: no-cache\r\nTransfer-Encoding: chunked\r\nx-ms-proxy-app-id: acdf266a-1a14-4869-a1a8-692d078c00e6\r\nx-ms-proxy-group-id: a9ae3327-78e1-4558-8b8b-14226c4f38ee\r\nx-ms-proxy-subscription-id: 867e5d11-bde4-499f-b45e-61572f9f337c\r\nx-ms-proxy-transaction-id: a28cc83e-6b4a-4009-a8e5-2263b71700d2\r\nx-ms-proxy-service-name: proxy-appproxy-CUS-DSM01P-5\r\nx-ms-proxy-data-center: CUS\r\nx-ms-proxy-connector-id: b2ac44f9-beff-491d-9a75-7afbcfd67f43\r\nContent-Security-Policy: upgrade-insecure-requests\r\nReferrer-Policy: same-origin\r\nStrict-Transport-Security: max-age=2592000, max-age=31536000; includeSubDomains\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\nNel: {\u0022report_to\u0022:\u0022network-errors\u0022,\u0022max_age\u0022:86400,\u0022success_fraction\u0022:0.001,\u0022failure_fraction\u0022:1.0}\r\nReport-To: {\u0022group\u0022:\u0022network-errors\u0022,\u0022max_age\u0022:86400,\u0022endpoints\u0022:[{\u0022url\u0022:\u0022https://ffde.nelreports.net/api/report?cat=proxy-appproxy-CUS-DSM01P-5\u0022}]}\r\nDate: Tue, 27 Jan 2026 22:46:25 GMT\r\n",
  "ContentHeaders": "Expires: -1\r\n",
  "Body": "",
  "Timestamp": "2026-01-27T22:46:25.504791Z"
}
BackchannelRequest 22:46:24.915 
{
  "Method": "POST",
  "Url": "https://ssostaging.mba.org/connect/token",
  "Headers": "User-Agent: Microsoft ASP.NET Core OpenIdConnect handler\r\n",
  "ContentHeaders": "Content-Type: application/x-www-form-urlencoded; charset=utf-8\r\n",
  "Body": "client_id=76f8ecbd-46e2-4d42-afdf-21d737918aec\u0026client_secret=*****REDACTED*****\u0026code=0BC1857A9DECD44327C95DE2300A47CADDB1EBBA024DE2EEE44AD605639D4930\u0026grant_type=authorization_code\u0026redirect_uri=https%3A%2F%2Fssotest.sprintend.com",
  "Timestamp": "2026-01-27T22:46:24.9153712Z"
}
AuthorizationCodeReceived 22:46:24.915 
{
  "Code": "0BC1857A9DECD44327C95DE2300A47CADDB1EBBA024DE2EEE44AD605639D4930",
  "State": "f252141a86a44836821e2243684253cb",
  "TokenRequestRedirectUri": "https://ssotest.sprintend.com",
  "Timestamp": "2026-01-27T22:46:24.9152119Z"
}
MessageReceived 22:46:24.914 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:46:24.9149593Z"
}
RedirectToIdentityProvider 22:46:24.687 
{
  "AuthorizationEndpoint": null,
  "ClientId": "76f8ecbd-46e2-4d42-afdf-21d737918aec",
  "RedirectUri": "https://ssotest.sprintend.com",
  "Scope": "openid profile email custom",
  "ResponseType": "code",
  "State": "f252141a86a44836821e2243684253cb",
  "Nonce": "639051507846873596.ZDNmZDFhZWEtNTNmNS00MTg0LWJlZjAtMjNmNDczZGM3Nzc1NjIxOTEyZjYtODZjZC00NjA5LWJkZTktMzA1ZmNmZTU3MDVi",
  "FullRequestUrl": "https://ssostaging.mba.org/connect/authorize?client_id=76f8ecbd-46e2-4d42-afdf-21d737918aec\u0026redirect_uri=https%3A%2F%2Fssotest.sprintend.com\u0026response_type=code\u0026scope=openid%20profile%20email%20custom\u0026response_mode=form_post\u0026nonce=639051507846873596.ZDNmZDFhZWEtNTNmNS00MTg0LWJlZjAtMjNmNDczZGM3Nzc1NjIxOTEyZjYtODZjZC00NjA5LWJkZTktMzA1ZmNmZTU3MDVi\u0026state=f252141a86a44836821e2243684253cb\u0026x-client-SKU=ID_NET9_0\u0026x-client-ver=8.0.1.0"
}
RemoteFailure 22:46:16.618 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T22:46:16.6184688Z"
}
MessageReceived 22:46:16.618 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:46:16.6183578Z"
}
RemoteFailure 22:46:00.920 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T22:46:00.9207055Z"
}
MessageReceived 22:46:00.920 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:46:00.9205503Z"
}
AuthenticationFailed 22:44:38.316 
{
  "Error": "Failed to parse token response body as JSON. Status Code: 400. Content-Type: ",
  "ExceptionType": "OpenIdConnectProtocolException",
  "StackTrace": "   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)\r\n   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()",
  "InnerException": "IDX10000: The parameter \u0027json\u0027 cannot be a \u0027null\u0027 or an empty object.  (Parameter \u0027json\u0027)",
  "Timestamp": "2026-01-27T22:44:38.3165392Z"
}
BackchannelResponse 22:44:38.314 
{
  "StatusCode": 400,
  "ReasonPhrase": "Bad Request",
  "Headers": "Cache-Control: no-cache\r\nPragma: no-cache\r\nTransfer-Encoding: chunked\r\nx-ms-proxy-app-id: acdf266a-1a14-4869-a1a8-692d078c00e6\r\nx-ms-proxy-group-id: a9ae3327-78e1-4558-8b8b-14226c4f38ee\r\nx-ms-proxy-subscription-id: 867e5d11-bde4-499f-b45e-61572f9f337c\r\nx-ms-proxy-transaction-id: 40d4213b-e82b-4cd0-a968-aec7d8b2bbeb\r\nx-ms-proxy-service-name: proxy-appproxy-CUS-DSM01P-5\r\nx-ms-proxy-data-center: CUS\r\nx-ms-proxy-connector-id: b2ac44f9-beff-491d-9a75-7afbcfd67f43\r\nContent-Security-Policy: upgrade-insecure-requests\r\nReferrer-Policy: same-origin\r\nStrict-Transport-Security: max-age=2592000, max-age=31536000; includeSubDomains\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\nNel: {\u0022report_to\u0022:\u0022network-errors\u0022,\u0022max_age\u0022:86400,\u0022success_fraction\u0022:0.001,\u0022failure_fraction\u0022:1.0}\r\nReport-To: {\u0022group\u0022:\u0022network-errors\u0022,\u0022max_age\u0022:86400,\u0022endpoints\u0022:[{\u0022url\u0022:\u0022https://ffde.nelreports.net/api/report?cat=proxy-appproxy-CUS-DSM01P-5\u0022}]}\r\nDate: Tue, 27 Jan 2026 22:44:38 GMT\r\n",
  "ContentHeaders": "Expires: -1\r\n",
  "Body": "",
  "Timestamp": "2026-01-27T22:44:38.3147747Z"
}
BackchannelRequest 22:44:38.125 
{
  "Method": "POST",
  "Url": "https://ssostaging.mba.org/connect/token",
  "Headers": "User-Agent: Microsoft ASP.NET Core OpenIdConnect handler\r\n",
  "ContentHeaders": "Content-Type: application/x-www-form-urlencoded; charset=utf-8\r\n",
  "Body": "client_id=76f8ecbd-46e2-4d42-afdf-21d737918aec\u0026client_secret=*****REDACTED*****\u0026code=BA69240585A77B4E5F497E813B5E6945DF787366CEADCE593DA4210785C93DAE\u0026grant_type=authorization_code\u0026redirect_uri=https%3A%2F%2Fssotest.sprintend.com",
  "Timestamp": "2026-01-27T22:44:38.1249963Z"
}
AuthorizationCodeReceived 22:44:38.124 
{
  "Code": "BA69240585A77B4E5F497E813B5E6945DF787366CEADCE593DA4210785C93DAE",
  "State": "70d9065b044343948f84006b318e4bc9",
  "TokenRequestRedirectUri": "https://ssotest.sprintend.com",
  "Timestamp": "2026-01-27T22:44:38.1247123Z"
}
MessageReceived 22:44:38.124 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:44:38.1245843Z"
}
RedirectToIdentityProvider 22:44:37.913 
{
  "AuthorizationEndpoint": null,
  "ClientId": "76f8ecbd-46e2-4d42-afdf-21d737918aec",
  "RedirectUri": "https://ssotest.sprintend.com",
  "Scope": "openid profile email custom",
  "ResponseType": "code",
  "State": "70d9065b044343948f84006b318e4bc9",
  "Nonce": "639051506779130227.M2U5NTczNjctOTQ5Mi00NjJhLWE0ZjEtMmQ5ODEwYzkwMTgwNjJjMTU1NzItZWU4MC00MmIzLTllMGUtMjJkN2Y5YjNkNjM0",
  "FullRequestUrl": "https://ssostaging.mba.org/connect/authorize?client_id=76f8ecbd-46e2-4d42-afdf-21d737918aec\u0026redirect_uri=https%3A%2F%2Fssotest.sprintend.com\u0026response_type=code\u0026scope=openid%20profile%20email%20custom\u0026response_mode=form_post\u0026nonce=639051506779130227.M2U5NTczNjctOTQ5Mi00NjJhLWE0ZjEtMmQ5ODEwYzkwMTgwNjJjMTU1NzItZWU4MC00MmIzLTllMGUtMjJkN2Y5YjNkNjM0\u0026state=70d9065b044343948f84006b318e4bc9\u0026x-client-SKU=ID_NET9_0\u0026x-client-ver=8.0.1.0"
}
AuthenticationFailed 22:43:51.975 
{
  "Error": "Failed to parse token response body as JSON. Status Code: 400. Content-Type: ",
  "ExceptionType": "OpenIdConnectProtocolException",
  "StackTrace": "   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)\r\n   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()",
  "InnerException": "IDX10000: The parameter \u0027json\u0027 cannot be a \u0027null\u0027 or an empty object.  (Parameter \u0027json\u0027)",
  "Timestamp": "2026-01-27T22:43:51.9758824Z"
}
BackchannelResponse 22:43:51.939 
{
  "StatusCode": 400,
  "ReasonPhrase": "Bad Request",
  "Headers": "Cache-Control: no-cache\r\nPragma: no-cache\r\nTransfer-Encoding: chunked\r\nx-ms-proxy-app-id: acdf266a-1a14-4869-a1a8-692d078c00e6\r\nx-ms-proxy-group-id: a9ae3327-78e1-4558-8b8b-14226c4f38ee\r\nx-ms-proxy-subscription-id: 867e5d11-bde4-499f-b45e-61572f9f337c\r\nx-ms-proxy-transaction-id: ba0fd718-fc13-43ec-a8cb-4336ab274520\r\nx-ms-proxy-service-name: proxy-appproxy-CUS-DSM01P-5\r\nx-ms-proxy-data-center: CUS\r\nx-ms-proxy-connector-id: b2ac44f9-beff-491d-9a75-7afbcfd67f43\r\nContent-Security-Policy: upgrade-insecure-requests\r\nReferrer-Policy: same-origin\r\nStrict-Transport-Security: max-age=2592000, max-age=31536000; includeSubDomains\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\nNel: {\u0022report_to\u0022:\u0022network-errors\u0022,\u0022max_age\u0022:86400,\u0022success_fraction\u0022:0.001,\u0022failure_fraction\u0022:1.0}\r\nReport-To: {\u0022group\u0022:\u0022network-errors\u0022,\u0022max_age\u0022:86400,\u0022endpoints\u0022:[{\u0022url\u0022:\u0022https://ffde.nelreports.net/api/report?cat=proxy-appproxy-CUS-DSM01P-5\u0022}]}\r\nDate: Tue, 27 Jan 2026 22:43:51 GMT\r\n",
  "ContentHeaders": "Expires: -1\r\n",
  "Body": "",
  "Timestamp": "2026-01-27T22:43:51.9390579Z"
}
BackchannelRequest 22:43:50.869 
{
  "Method": "POST",
  "Url": "https://ssostaging.mba.org/connect/token",
  "Headers": "User-Agent: Microsoft ASP.NET Core OpenIdConnect handler\r\n",
  "ContentHeaders": "Content-Type: application/x-www-form-urlencoded; charset=utf-8\r\n",
  "Body": "client_id=76f8ecbd-46e2-4d42-afdf-21d737918aec\u0026client_secret=*****REDACTED*****\u0026code=25E06E45EB792BA4E9A26849CFEBFE72D519D016F4C435D2496201F5AA422650\u0026grant_type=authorization_code\u0026redirect_uri=https%3A%2F%2Fssotest.sprintend.com",
  "Timestamp": "2026-01-27T22:43:50.8695734Z"
}
AuthorizationCodeReceived 22:43:50.862 
{
  "Code": "25E06E45EB792BA4E9A26849CFEBFE72D519D016F4C435D2496201F5AA422650",
  "State": "f271e0c2b36c46d386157bd4394d1125",
  "TokenRequestRedirectUri": "https://ssotest.sprintend.com",
  "Timestamp": "2026-01-27T22:43:50.8627343Z"
}
MessageReceived 22:43:50.857 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:43:50.8571557Z"
}
RedirectToIdentityProvider 22:43:47.980 
{
  "AuthorizationEndpoint": null,
  "ClientId": "76f8ecbd-46e2-4d42-afdf-21d737918aec",
  "RedirectUri": "https://ssotest.sprintend.com",
  "Scope": "openid profile email custom",
  "ResponseType": "code",
  "State": "f271e0c2b36c46d386157bd4394d1125",
  "Nonce": "639051506279802127.OTgzOWRlZjktNzgzMC00ZjgyLWEzNDctZWZmMjQ0ZWYzNGY3YzdlMWUyYWEtZmVhMS00ZDkyLTkzYmUtZmQ2ZDk3MWM5YzFk",
  "FullRequestUrl": "https://ssostaging.mba.org/connect/authorize?client_id=76f8ecbd-46e2-4d42-afdf-21d737918aec\u0026redirect_uri=https%3A%2F%2Fssotest.sprintend.com\u0026response_type=code\u0026scope=openid%20profile%20email%20custom\u0026response_mode=form_post\u0026nonce=639051506279802127.OTgzOWRlZjktNzgzMC00ZjgyLWEzNDctZWZmMjQ0ZWYzNGY3YzdlMWUyYWEtZmVhMS00ZDkyLTkzYmUtZmQ2ZDk3MWM5YzFk\u0026state=f271e0c2b36c46d386157bd4394d1125\u0026x-client-SKU=ID_NET9_0\u0026x-client-ver=8.0.1.0"
}
RemoteFailure 22:43:33.673 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T22:43:33.6738095Z"
}
MessageReceived 22:43:33.673 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:43:33.6737204Z"
}
RemoteFailure 22:16:35.366 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T22:16:35.3668524Z"
}
MessageReceived 22:16:35.366 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:16:35.3666878Z"
}
RedirectToIdentityProvider 22:09:43.249 
{
  "AuthorizationEndpoint": null,
  "ClientId": "76f8ecbd-46e2-4d42-afdf-21d737918aec",
  "RedirectUri": "https://ssotest.sprintend.com",
  "Scope": "openid profile email custom",
  "ResponseType": "code",
  "State": "5fa3439708c14e98b2142ad2943fbfea",
  "Nonce": "639051485832491494.YzIyMTU5Y2ItZThhYi00NjVhLWEwYjQtYzJlOGZjOThiOTJmZjRkMjg1YWMtNGI4OC00MjdmLWI2OGMtNTcxNzc3NjQzYmE5",
  "FullRequestUrl": "https://ssostaging.mba.org/connect/authorize?client_id=76f8ecbd-46e2-4d42-afdf-21d737918aec\u0026redirect_uri=https%3A%2F%2Fssotest.sprintend.com\u0026response_type=code\u0026scope=openid%20profile%20email%20custom\u0026response_mode=form_post\u0026nonce=639051485832491494.YzIyMTU5Y2ItZThhYi00NjVhLWEwYjQtYzJlOGZjOThiOTJmZjRkMjg1YWMtNGI4OC00MjdmLWI2OGMtNTcxNzc3NjQzYmE5\u0026state=5fa3439708c14e98b2142ad2943fbfea\u0026x-client-SKU=ID_NET9_0\u0026x-client-ver=8.0.1.0"
}
RemoteFailure 22:09:42.642 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T22:09:42.6423328Z"
}
MessageReceived 22:09:42.642 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:09:42.6422788Z"
}
RemoteFailure 22:09:24.260 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T22:09:24.2601338Z"
}
MessageReceived 22:09:24.260 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:09:24.2600674Z"
}
RemoteFailure 22:09:15.557 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T22:09:15.5579472Z"
}
MessageReceived 22:09:15.557 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:09:15.5578902Z"
}
RemoteFailure 22:09:15.557 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T22:09:15.5575002Z"
}
MessageReceived 22:09:15.557 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:09:15.557439Z"
}
RemoteFailure 22:06:49.215 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T22:06:49.2150527Z"
}
MessageReceived 22:06:49.214 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:06:49.2149678Z"
}
RemoteFailure 22:01:46.397 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T22:01:46.3978497Z"
}
MessageReceived 22:01:46.397 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:01:46.3977345Z"
}
RemoteFailure 22:01:21.598 
{
  "Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
  "ExceptionType": "AuthenticationFailureException",
  "StackTrace": null,
  "InnerException": null,
  "Timestamp": "2026-01-27T22:01:21.5987575Z"
}
MessageReceived 22:01:21.598 
{
  "Error": null,
  "ErrorDescription": null,
  "ErrorUri": null,
  "Timestamp": "2026-01-27T22:01:21.5986983Z"
}
Troubleshooting Guide
Common Issues
redirect_uri_mismatch
The callback URL (https://ssotest.sprintend.com) must be registered exactly in the IDP's client configuration.
invalid_client
Check that Client ID and Client Secret are correct and the client is enabled on the IDP.
invalid_scope
One or more requested scopes are not allowed for this client. Check IDP configuration.
Token validation failed
Check issuer mismatch, clock skew, or JWKS key issues. Verify the Authority URL matches the token issuer.
SSL/Certificate errors
Ensure the IDP's SSL certificate is trusted. For development, you may need to trust the certificate.
CORS errors (browser console)
Usually indicates an IDP misconfiguration. Check IDP CORS settings.
Diagnostic Steps
  1. Click "Test IDP Endpoints" to verify the IDP is reachable
  2. Click "Start SSO Login" to initiate the flow
  3. Check the Event Log for detailed information at each step
  4. If authentication fails, the error and event log will show where it failed
  5. Compare the callback URL with what's registered in the IDP