2 of 2 people found this helpful
The IDX10311 error that you mentioned can be caused by the browser not correctly sending a cookie to PI Vision when the browser is redirected back to PI Vision by the IdP. One potential situation where this can occur is when the redirect URL in your OpenID Connect client configuration uses a different domain name than is used to initially connect to PI Vision.
For example, when you first connect to PI Vision using a hostname:
But are then redirected back to PI Vision using FQDN (per your OID client config):
In this scenario, your browser receives a nonce in a cookie from myPIVisionServer but it will not send this cookie back when redirected instead to myPIVisionServer.abc.com, because your browser considers these to be different domains.
Are you connecting to PI Vision using the exact same domain name as your redirect_uri setting on your OpenID Connect client configuration? If not, please try doing so.
If you do not suspect the above reason for the issue, please inspect the first request made to PI Vision after being redirected back from your IdP, it should be a POST to /PIVision/ that includes a cookie header:
If this header is missing or does not include a value of "OpenIdConnect.nonce...", then a browser policy may be blocking the cookie from being sent.