This article provides an overview of the "Error: Invalid nonce binding cookie" error message and how to recover and authenticate again.
What’s the issue?
This specific scenario occurs when the authenticator faces a race condition in a web view dialog. Most commonly, we have seen these occur with PaloAlto GlobalConnect VPN and Cisco AnyConnect VPN clients attempting authentication. The race condition causes a scenario where the authentication itself is successful, but the response is processed as an error.
When attempting to authenticate, I am presented with an error
"Error: Invalid nonce binding cookie".
What’s the solution?
Retrying the authentication will work after a minute or two. Our engineering team is working on an enhancement to the authenticator that will mitigate the race condition.