Tomorrow’s early access build (15 October 2021) should include fixes for these issues.
The second issue (“Unable to retrieve user info from IDP”) will be fixed automatically with no configuration changes.
The first issue (“Invalid cookie header”) can be fixed by setting a system property in ignition.conf - here’s the relevant release note:
Exposed a new system property ignition.http.client.manager.cookieSpec to control the cookie parsing behavior of the IdP and Perspective HTTP Binding’s Http Client. This new system property may take one of the following values:
-
default: Default cookie specification that picks up the best matching cookie policy based on the format of cookies sent with the HTTP response. -
netscape: This CookieSpec implementation conforms to the original draft specification published by Netscape Communications. It should be avoided unless absolutely necessary for compatibility with legacy applications. -
standard: Standard CookieSpec implementation that enforces a more relaxed interpretation of the HTTP state management specification (RFC 6265, section 5) for interoperability with existing servers that do not conform to the well behaved profile (RFC 6265, section 4). -
standard-strict: Standard CookieSpec implementation that enforces syntax and semantics of the well-behaved profile of the HTTP state management specification (RFC 6265, section 4).
If the system prop is undefined or does not match any of the supported values, default value should be default, which is the spec that was used by default in Ignition versions before this system property was exposed.
For Auth0: standard or standard-strict should solve the problem.