Author: Kellen Fields
Date: April 20, 2023
Updated: September 2025
Audience: Agents and Admins
Environmental details: Self-Hosted, Replicated - KOTS
Summary
Some browsers introduced issues after updates that prevent successful login via SAML. Known problematic browser versions include:
Chrome: 123.0.6312.58, 123.0.6312.59
Edge: 123.0.2420.53 (64-bit)
When affected, users may see the error message:
Token validation failedAdditionally, attempts to access the login page via curl may show:
Invalid CORS requestSolution/Workarounds
Upgrade or downgrade your browser to a version outside the problematic range.
Ensure your browser is updated to the latest stable release, as fixes have been applied in newer versions.
Cause
The issue occurred because Microsoft Edge updated its policy AccessControlAllowMethodsInCORSPreflightSpecConformant, which caused certain cross-origin requests to fail. Chrome exhibited similar behavior in the listed versions. The issue was resolved in subsequent browser releases.
Prevention
Related Articles, Work orders, Zendesk tickets, Defects, etc.
Keep browsers up to date and monitor release notes for SAML or CORS-related changes.
Test SAML login functionality after major browser updates in self-hosted or replicated environments.
Comments
0 comments
Please sign in to leave a comment.