From c6684195b12feb005806fc28a1fc6d6fd8328b63 Mon Sep 17 00:00:00 2001
From: sfc-gh-ext-simba-lf <lfarol@magnitude.com>
Date: Fri, 9 Feb 2024 09:48:18 -0800
Subject: [PATCH 1/7] SNOW-916949: Fix Okta retry for SSO/SAML endpoints

---
 .../Core/Authenticator/OktaAuthenticator.cs   | 156 +++++++++++++++---
 Snowflake.Data/Core/HttpUtil.cs               |  22 ++-
 Snowflake.Data/Core/RestParams.cs             |   6 +
 Snowflake.Data/Core/Session/SFSession.cs      |   6 +
 4 files changed, 162 insertions(+), 28 deletions(-)

diff --git a/Snowflake.Data/Core/Authenticator/OktaAuthenticator.cs b/Snowflake.Data/Core/Authenticator/OktaAuthenticator.cs
index 296bf518b..5df3975c4 100644
--- a/Snowflake.Data/Core/Authenticator/OktaAuthenticator.cs
+++ b/Snowflake.Data/Core/Authenticator/OktaAuthenticator.cs
@@ -12,6 +12,7 @@
 using Snowflake.Data.Client;
 using System.Text;
 using System.Web;
+using System.Linq;
 
 namespace Snowflake.Data.Core.Authenticator
 {
@@ -22,6 +23,9 @@ class OktaAuthenticator : BaseAuthenticator, IAuthenticator
     {
         private static readonly SFLogger logger = SFLoggerFactory.GetLogger<OktaAuthenticator>();
 
+        internal const string RetryCountHeader = "RetryCount";
+        internal const string TimeoutElapsedHeader = "TimeoutElapsed";
+
         /// <summary>
         /// url of the okta idp
         /// </summary>
@@ -59,23 +63,54 @@ async Task IAuthenticator.AuthenticateAsync(CancellationToken cancellationToken)
             logger.Debug("Checking token url");
             VerifyUrls(tokenUrl, oktaUrl);
 
-            logger.Debug("step 3: get idp onetime token");
-            IdpTokenRestRequest idpTokenRestRequest = BuildIdpTokenRestRequest(tokenUrl);
-            var idpResponse = await session.restRequester.PostAsync<IdpTokenResponse>(idpTokenRestRequest, cancellationToken).ConfigureAwait(false);
-            string onetimeToken = idpResponse.SessionToken != null ? idpResponse.SessionToken : idpResponse.CookieToken;
+            int retryCount = 0;
+            int timeoutElapsed = 0;
+            Exception lastRetryException = null;
+            HttpResponseMessage samlRawResponse = null;
 
-            logger.Debug("step 4: get SAML reponse from sso");
-            var samlRestRequest = BuildSAMLRestRequest(ssoUrl, onetimeToken);
-            using (var samlRawResponse = await session.restRequester.GetAsync(samlRestRequest, cancellationToken).ConfigureAwait(false))
-            { 
-                samlRawHtmlString = await samlRawResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
+            // If VerifyPostbackUrl() fails, retry with new onetimetoken
+            while (RetryLimitIsNotReached(retryCount, timeoutElapsed))
+            {
+                try
+                {
+                    logger.Debug("step 3: get idp onetime token");
+                    IdpTokenRestRequest idpTokenRestRequest = BuildIdpTokenRestRequest(tokenUrl);
+                    var idpResponse = await session.restRequester.PostAsync<IdpTokenResponse>(idpTokenRestRequest, cancellationToken).ConfigureAwait(false);
+                    string onetimeToken = idpResponse.SessionToken != null ? idpResponse.SessionToken : idpResponse.CookieToken;
+
+                    logger.Debug("step 4: get SAML reponse from sso");
+                    var samlRestRequest = BuildSAMLRestRequest(ssoUrl, onetimeToken);
+                    samlRawResponse = await session.restRequester.GetAsync(samlRestRequest, cancellationToken).ConfigureAwait(false);
+                    samlRawHtmlString = await samlRawResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
+
+                    logger.Debug("step 5: verify postback url in SAML reponse");
+                    VerifyPostbackUrl();
+
+                    logger.Debug("step 6: send SAML reponse to snowflake to login");
+                    await base.LoginAsync(cancellationToken).ConfigureAwait(false);
+                    break;
+                }
+                catch (Exception ex)
+                {
+                    lastRetryException = ex;
+                    if (IsPostbackUrlNotFound(lastRetryException))
+                    {
+                        logger.Info("Refreshing token for Okta re-authentication and starting from step 3 again");
+
+                        // Get the current retry count and timeout elapsed from the response headers
+                        retryCount += int.Parse(samlRawResponse.Content.Headers.GetValues(RetryCountHeader).First());
+                        timeoutElapsed += int.Parse(samlRawResponse.Content.Headers.GetValues(TimeoutElapsedHeader).First());
+                    }
+                    else
+                    {
+                        logger.Error("Failed to get the correct SAML response from Okta", ex);
+                        throw;
+                    }
+                }
             }
 
-            logger.Debug("step 5: verify postback url in SAML reponse");
-            VerifyPostbackUrl();
-
-            logger.Debug("step 6: send SAML reponse to snowflake to login");
-            await base.LoginAsync(cancellationToken).ConfigureAwait(false);  
+            // Throw exception if max retry count or max timeout has been reached
+            ThrowRetryLimitException(retryCount, timeoutElapsed, lastRetryException);
         }
 
         void IAuthenticator.Authenticate()
@@ -95,23 +130,55 @@ void IAuthenticator.Authenticate()
             logger.Debug("Checking token url");
             VerifyUrls(tokenUrl, oktaUrl);
 
-            logger.Debug("step 3: get idp onetime token");
-            IdpTokenRestRequest idpTokenRestRequest = BuildIdpTokenRestRequest(tokenUrl);
-            var idpResponse =  session.restRequester.Post<IdpTokenResponse>(idpTokenRestRequest);
-            string onetimeToken = idpResponse.SessionToken != null ? idpResponse.SessionToken : idpResponse.CookieToken;
+            int retryCount = 0;
+            int timeoutElapsed = 0;
+            Exception lastRetryException = null;
+            HttpResponseMessage samlRawResponse = null;
 
-            logger.Debug("step 4: get SAML reponse from sso");
-            var samlRestRequest = BuildSAMLRestRequest(ssoUrl, onetimeToken);
-            using (var samlRawResponse = session.restRequester.Get(samlRestRequest))
+            // If VerifyPostbackUrl() fails, retry with new onetimetoken
+            while (RetryLimitIsNotReached(retryCount, timeoutElapsed))
             {
-                samlRawHtmlString = Task.Run(async () => await samlRawResponse.Content.ReadAsStringAsync().ConfigureAwait(false)).Result;
-            }
+                try
+                {
+                    logger.Debug("step 3: get idp onetime token");
+                    IdpTokenRestRequest idpTokenRestRequest = BuildIdpTokenRestRequest(tokenUrl);
+                    var idpResponse =  session.restRequester.Post<IdpTokenResponse>(idpTokenRestRequest);
+                    string onetimeToken = idpResponse.SessionToken != null ? idpResponse.SessionToken : idpResponse.CookieToken;
+
+                    logger.Debug("step 4: get SAML reponse from sso");
+                    var samlRestRequest = BuildSAMLRestRequest(ssoUrl, onetimeToken);
+                    samlRawResponse = session.restRequester.Get(samlRestRequest);
+                    samlRawHtmlString = Task.Run(async () => await samlRawResponse.Content.ReadAsStringAsync().ConfigureAwait(false)).Result;
 
-            logger.Debug("step 5: verify postback url in SAML reponse");
-            VerifyPostbackUrl();
+                    logger.Debug("step 5: verify postback url in SAML reponse");
+                    VerifyPostbackUrl();
 
-            logger.Debug("step 6: send SAML reponse to snowflake to login");
-            base.Login();
+
+                    logger.Debug("step 6: send SAML reponse to snowflake to login");
+                    base.Login();
+                    break;
+                }
+                catch(Exception ex)
+                {
+                    lastRetryException = ex;
+                    if (IsPostbackUrlNotFound(lastRetryException))
+                    {
+                        logger.Debug("Refreshing token for Okta re-authentication and starting from step 3 again");
+
+                        // Get the current retry count and timeout elapsed from the response headers
+                        retryCount += int.Parse(samlRawResponse.Content.Headers.GetValues(RetryCountHeader).First());
+                        timeoutElapsed += int.Parse(samlRawResponse.Content.Headers.GetValues(TimeoutElapsedHeader).First());
+                    }
+                    else
+                    {
+                        logger.Error("Failed to get the correct SAML response from Okta", ex);
+                        throw;
+                    }
+                }
+            }
+
+            // Throw exception if max retry count or max timeout has been reached
+            ThrowRetryLimitException(retryCount, timeoutElapsed, lastRetryException);
         }
 
         private SFRestRequest BuildAuthenticatorRestRequest()
@@ -215,6 +282,41 @@ private void FilterFailedResponse(BaseRestResponse response)
                 throw e;
             }
         }
+
+        private bool RetryLimitIsNotReached(int retryCount, int timeoutElapsed)
+        {
+            return retryCount < session._maxRetryCount && timeoutElapsed < session._maxRetryTimeout;
+        }
+
+        private bool IsPostbackUrlNotFound(Exception ex)
+        {
+            if (ex is SnowflakeDbException)
+            {
+                SnowflakeDbException error = ex as SnowflakeDbException;
+                return error.ErrorCode == SFError.IDP_SAML_POSTBACK_NOTFOUND.GetAttribute<SFErrorAttr>().errorCode;
+            }
+
+            return false;
+        }
+
+        private void ThrowRetryLimitException(int retryCount, int timeoutElapsed, Exception lastRetryException)
+        {
+            string errorMessage = "";
+            if (retryCount >= session._maxRetryCount)
+            {
+                errorMessage = $"The retry count has reached its limit of {session._maxRetryCount}";
+            }
+            if (timeoutElapsed >= session._maxRetryTimeout)
+            {
+                errorMessage += string.IsNullOrEmpty(errorMessage) ? "The" : " and the";
+                errorMessage += $" timeout elapsed has reached its limit of {session._maxRetryTimeout}";
+
+            }
+            errorMessage += " while trying to authenticate through Okta";
+
+            logger.Error(errorMessage);
+            throw new SnowflakeDbException(lastRetryException, SFError.INTERNAL_ERROR, errorMessage);
+        }
     }
 
     internal class IdpTokenRestRequest : BaseRestRequest, IRestRequest
diff --git a/Snowflake.Data/Core/HttpUtil.cs b/Snowflake.Data/Core/HttpUtil.cs
index b48d5a3a9..9c5e22442 100755
--- a/Snowflake.Data/Core/HttpUtil.cs
+++ b/Snowflake.Data/Core/HttpUtil.cs
@@ -14,6 +14,7 @@
 using System.Security.Authentication;
 using System.Runtime.InteropServices;
 using System.Linq;
+using Snowflake.Data.Core.Authenticator;
 
 namespace Snowflake.Data.Core
 {
@@ -342,7 +343,9 @@ protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage
                 CancellationToken cancellationToken)
             {
                 HttpResponseMessage response = null;
-                bool isLoginRequest = IsLoginEndpoint(requestMessage.RequestUri.AbsolutePath);
+                string absolutePath = requestMessage.RequestUri.AbsolutePath;
+                bool isLoginRequest = IsLoginEndpoint(absolutePath);
+                bool isOktaSSORequest = IsOktaSSORequest(requestMessage.RequestUri.Host, absolutePath);
                 int backOffInSec = s_baseBackOffTime;
                 int totalRetryTime = 0;
 
@@ -411,6 +414,12 @@ protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage
 
                     if (response != null)
                     {
+                        if (isOktaSSORequest)
+                        {
+                            response.Content.Headers.Add(OktaAuthenticator.RetryCountHeader, retryCount.ToString());
+                            response.Content.Headers.Add(OktaAuthenticator.TimeoutElapsedHeader, totalRetryTime.ToString());
+                        }
+
                         if (response.IsSuccessStatusCode)
                         {
                             logger.Debug($"Success Response: StatusCode: {(int)response.StatusCode}, ReasonPhrase: '{response.ReasonPhrase}'");
@@ -534,6 +543,17 @@ static internal bool IsLoginEndpoint(string endpoint)
         {
             return null != s_supportedEndpointsForRetryPolicy.FirstOrDefault(ep => endpoint.Equals(ep));
         }
+
+        /// <summary>
+        /// Checks if request is for Okta and an SSO SAML endpoint.
+        /// </summary>
+        /// <param name="host">The host url to check.</param>
+        /// <param name="endpoint">The endpoint to check.</param>
+        /// <returns>True if the endpoint is an okta sso saml request, false otherwise.</returns>
+        static internal bool IsOktaSSORequest(string host, string endpoint)
+        {
+            return host.Contains(OktaUrl.DOMAIN) && endpoint.Contains(OktaUrl.SSO_SAML_PATH);
+        }
     }
 }
 
diff --git a/Snowflake.Data/Core/RestParams.cs b/Snowflake.Data/Core/RestParams.cs
index 1188affb0..9dd4de8c8 100644
--- a/Snowflake.Data/Core/RestParams.cs
+++ b/Snowflake.Data/Core/RestParams.cs
@@ -44,6 +44,12 @@ internal static class RestPath
         internal const string SF_CONSOLE_LOGIN = "/console/login";
     }
 
+    internal static class OktaUrl
+    {
+        internal const string DOMAIN = "okta.com";
+        internal const string SSO_SAML_PATH = "/sso/saml";
+    }
+
     internal class SFEnvironment
     {
         static SFEnvironment()
diff --git a/Snowflake.Data/Core/Session/SFSession.cs b/Snowflake.Data/Core/Session/SFSession.cs
index 2ad440407..e39370f19 100755
--- a/Snowflake.Data/Core/Session/SFSession.cs
+++ b/Snowflake.Data/Core/Session/SFSession.cs
@@ -79,6 +79,10 @@ public class SFSession
 
         internal bool _disableConsoleLogin;
 
+        internal int _maxRetryCount;
+
+        internal int _maxRetryTimeout;
+
         internal void ProcessLoginResponse(LoginResponse authnResponse)
         {
             if (authnResponse.success)
@@ -164,6 +168,8 @@ internal SFSession(
                 connectionTimeout = extractedProperties.TimeoutDuration();
                 properties.TryGetValue(SFSessionProperty.CLIENT_CONFIG_FILE, out var easyLoggingConfigFile);
                 _easyLoggingStarter.Init(easyLoggingConfigFile);
+                _maxRetryCount = extractedProperties.maxHttpRetries;
+                _maxRetryTimeout = extractedProperties.retryTimeout;
             }
             catch (Exception e)
             {

From 0fd4856de7c07ca5f8b368e2b88a21cc425cfa53 Mon Sep 17 00:00:00 2001
From: sfc-gh-ext-simba-lf <lfarol@magnitude.com>
Date: Fri, 9 Feb 2024 10:08:56 -0800
Subject: [PATCH 2/7] SNOW-916949: Add tests

---
 .../IntegrationTests/SFConnectionIT.cs        | 71 +++++++++++++++++++
 .../Mock/MockOktaRetryMaxTimeout.cs           | 55 ++++++++++++++
 .../UnitTests/HttpUtilTest.cs                 | 18 +++++
 Snowflake.Data.Tests/UnitTests/SFOktaTest.cs  | 12 +++-
 4 files changed, 154 insertions(+), 2 deletions(-)
 create mode 100644 Snowflake.Data.Tests/Mock/MockOktaRetryMaxTimeout.cs

diff --git a/Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs b/Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs
index 5a4976162..2470068eb 100644
--- a/Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs
+++ b/Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs
@@ -817,6 +817,40 @@ public void TestOktaConnection()
             }
         }
 
+        [Test]
+        public void TestOktaConnectionUntilMaxTimeout()
+        {
+            var expectedMaxRetryCount = 15;
+            var expectedMaxConnectionTimeout = 450;
+            var mockRestRequester = new MockOktaRetryMaxTimeout(expectedMaxRetryCount, expectedMaxConnectionTimeout);
+            using (DbConnection conn = new MockSnowflakeDbConnection(mockRestRequester))
+            {
+                try
+                {
+                    conn.ConnectionString
+                        = ConnectionStringWithoutAuth
+                        + String.Format(
+                            ";authenticator={0};user={1};password={2};MAXHTTPRETRIES={3};RETRY_TIMEOUT={4};",
+                            testConfig.oktaUrl,
+                            testConfig.oktaUser,
+                            testConfig.oktaPassword,
+                            expectedMaxRetryCount,
+                            expectedMaxConnectionTimeout);
+                    conn.Open();
+                    Assert.Fail();
+                }
+                catch (Exception e)
+                {
+                    Assert.IsInstanceOf<SnowflakeDbException>(e);
+                    Assert.AreEqual(SFError.INTERNAL_ERROR.GetAttribute<SFErrorAttr>().errorCode, ((SnowflakeDbException)e).ErrorCode);
+                    Assert.IsTrue(e.Message.Contains(
+                        $"The retry count has reached its limit of {expectedMaxRetryCount} and " +
+                        $"the timeout elapsed has reached its limit of {expectedMaxConnectionTimeout} " +
+                        "while trying to authenticate through Okta"));
+                }
+            }
+        }
+
         [Test]
         [Ignore("This test requires manual setup and therefore cannot be run in CI")]
         public void TestOkta2ConnectionsFollowingEachOther()
@@ -2056,6 +2090,43 @@ public void TestExplicitTransactionOperationsTracked()
                 Assert.AreEqual(false, conn.HasActiveExplicitTransaction());
             }
         }
+
+
+        [Test]
+        public void TestAsyncOktaConnectionUntilMaxTimeout()
+        {
+            var expectedMaxRetryCount = 15;
+            var expectedMaxConnectionTimeout = 450;
+            var mockRestRequester = new MockOktaRetryMaxTimeout(expectedMaxRetryCount, expectedMaxConnectionTimeout);
+            using (DbConnection conn = new MockSnowflakeDbConnection(mockRestRequester))
+            {
+                Task connectTask = null;
+                try
+                {
+                    conn.ConnectionString
+                        = ConnectionStringWithoutAuth
+                        + String.Format(
+                            ";authenticator={0};user={1};password={2};MAXHTTPRETRIES={3};RETRY_TIMEOUT={4};",
+                            testConfig.oktaUrl,
+                            testConfig.oktaUser,
+                            testConfig.oktaPassword,
+                            expectedMaxRetryCount,
+                            expectedMaxConnectionTimeout);
+                    connectTask = conn.OpenAsync(CancellationToken.None);
+                    connectTask.Wait();
+                    Assert.Fail();
+                }
+                catch (Exception e)
+                {
+                    Assert.IsInstanceOf<SnowflakeDbException>(e.InnerException);
+                    Assert.AreEqual(SFError.INTERNAL_ERROR.GetAttribute<SFErrorAttr>().errorCode, ((SnowflakeDbException)e.InnerException).ErrorCode);
+                    Assert.IsTrue(e.InnerException.InnerException.Message.Contains(
+                        $"The retry count has reached its limit of {expectedMaxRetryCount} and " +
+                        $"the timeout elapsed has reached its limit of {expectedMaxConnectionTimeout} " +
+                        "while trying to authenticate through Okta"));
+                }
+            }
+        }
     }
 }
 
diff --git a/Snowflake.Data.Tests/Mock/MockOktaRetryMaxTimeout.cs b/Snowflake.Data.Tests/Mock/MockOktaRetryMaxTimeout.cs
new file mode 100644
index 000000000..20f7c573d
--- /dev/null
+++ b/Snowflake.Data.Tests/Mock/MockOktaRetryMaxTimeout.cs
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2024 Snowflake Computing Inc. All rights reserved.
+ */
+
+using Newtonsoft.Json;
+using Snowflake.Data.Core;
+using Snowflake.Data.Core.Authenticator;
+using System;
+using System.Net.Http;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+
+namespace Snowflake.Data.Tests.Mock
+{
+
+    class MockOktaRetryMaxTimeout : RestRequester, IMockRestRequester
+    {
+        internal bool _forceTimeoutForNonLoginRequestsOnly = false;
+        internal int _maxRetryCount;
+        internal int _maxRetryTimeout;
+
+        public MockOktaRetryMaxTimeout(int maxRetryCount, int maxRetryTimeout) : base(null)
+        {
+            _maxRetryCount = maxRetryCount;
+            _maxRetryTimeout = maxRetryTimeout;
+        }
+
+        public void setHttpClient(HttpClient httpClient)
+        {
+            _HttpClient = httpClient;
+        }
+
+        protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage message,
+                                                              TimeSpan restTimeout,
+                                                              CancellationToken externalCancellationToken,
+                                                              string sid = "")
+        {
+            if (HttpUtil.IsOktaSSORequest(message.RequestUri.Host, message.RequestUri.AbsolutePath))
+            {
+                var mockContent = new StringContent(JsonConvert.SerializeObject("<form=error}"), Encoding.UTF8, "application/json");
+                mockContent.Headers.Add(OktaAuthenticator.RetryCountHeader, _maxRetryCount.ToString());
+                mockContent.Headers.Add(OktaAuthenticator.TimeoutElapsedHeader, _maxRetryTimeout.ToString());
+
+                return new HttpResponseMessage
+                {
+                    StatusCode = System.Net.HttpStatusCode.OK,
+                    Content = mockContent
+                };
+            }
+
+            return await base.SendAsync(message, restTimeout, externalCancellationToken).ConfigureAwait(false);
+        }
+    }
+}
diff --git a/Snowflake.Data.Tests/UnitTests/HttpUtilTest.cs b/Snowflake.Data.Tests/UnitTests/HttpUtilTest.cs
index bf8063a7f..668db5f91 100644
--- a/Snowflake.Data.Tests/UnitTests/HttpUtilTest.cs
+++ b/Snowflake.Data.Tests/UnitTests/HttpUtilTest.cs
@@ -58,6 +58,24 @@ public void TestIsLoginUrl(string requestUrl, bool expectedIsLoginEndpoint)
             Assert.AreEqual(expectedIsLoginEndpoint, isLoginEndpoint);
         }
 
+        // Parameters: request url, expected value
+        [TestCase("https://dev.okta.com/sso/saml", true)]
+        [TestCase("https://test.snowflakecomputing.com/session/v1/login-request", false)]
+        [TestCase("https://test.snowflakecomputing.com/session/authenticator-request", false)]
+        [TestCase("https://test.snowflakecomputing.com/session/token-request", false)]
+        [Test]
+        public void TestIsOktaSSORequest(string requestUrl, bool expectedIsOktaSSORequest)
+        {
+            // given
+            var uri = new Uri(requestUrl);
+
+            // when
+            bool isOktaSSORequest = HttpUtil.IsOktaSSORequest(uri.Host, uri.AbsolutePath);
+
+            // then
+            Assert.AreEqual(expectedIsOktaSSORequest, isOktaSSORequest);
+        }
+
         // Parameters: time in seconds
         [TestCase(4)]
         [TestCase(8)]
diff --git a/Snowflake.Data.Tests/UnitTests/SFOktaTest.cs b/Snowflake.Data.Tests/UnitTests/SFOktaTest.cs
index 5de0c6c06..8b5c9dc55 100644
--- a/Snowflake.Data.Tests/UnitTests/SFOktaTest.cs
+++ b/Snowflake.Data.Tests/UnitTests/SFOktaTest.cs
@@ -1,6 +1,7 @@
 using NUnit.Framework;
 using Snowflake.Data.Client;
 using Snowflake.Data.Core;
+using Snowflake.Data.Core.Authenticator;
 using System.Net.Http;
 
 namespace Snowflake.Data.Tests.UnitTests
@@ -33,6 +34,10 @@ public void TestSsoTokenUrlMismatch()
         [Test]
         public void TestMissingPostbackUrl()
         {
+            const int retryCount = 1;
+            const int retryTimeout = 1;
+            noPostbackContent.Headers.Add(OktaAuthenticator.RetryCountHeader, retryCount.ToString());
+            noPostbackContent.Headers.Add(OktaAuthenticator.TimeoutElapsedHeader, retryTimeout.ToString());
             try
             {
                 var restRequester = new Mock.MockOktaRestRequester()
@@ -41,13 +46,16 @@ public void TestMissingPostbackUrl()
                     SSOUrl = "https://snowflakecomputing.okta.com/app/snowflake_testaccountdev_1/blah/sso/saml",
                     ResponseContent = noPostbackContent,
                 };
-                var sfSession = new SFSession("account=test;user=test;password=test;authenticator=https://snowflakecomputing.okta.com;host=test", null, restRequester);
+                var sfSession = new SFSession("account=test;user=test;password=test;authenticator=https://snowflakecomputing.okta.com;" +
+                    $"host=test;MAXHTTPRETRIES={retryCount};RETRY_TIMEOUT={retryTimeout};", null, restRequester);
                 sfSession.Open();
                 Assert.Fail("Should not pass");
             } catch (SnowflakeDbException e)
             {
-                Assert.AreEqual(SFError.IDP_SAML_POSTBACK_NOTFOUND.GetAttribute<SFErrorAttr>().errorCode, e.ErrorCode);
+                Assert.AreEqual(SFError.IDP_SAML_POSTBACK_NOTFOUND.GetAttribute<SFErrorAttr>().errorCode, ((SnowflakeDbException)e.InnerException).ErrorCode);
             }
+            noPostbackContent.Headers.Remove(OktaAuthenticator.RetryCountHeader);
+            noPostbackContent.Headers.Remove(OktaAuthenticator.TimeoutElapsedHeader);
         }
 
         [Test]

From 5bed4df12320e5d4591fba9f3673338a82874f4f Mon Sep 17 00:00:00 2001
From: sfc-gh-ext-simba-lf <lfarol@magnitude.com>
Date: Fri, 9 Feb 2024 12:48:25 -0800
Subject: [PATCH 3/7] SNOW-916949: Skip test that require manual setup

---
 Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs b/Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs
index 2470068eb..f312a02bc 100644
--- a/Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs
+++ b/Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs
@@ -818,6 +818,7 @@ public void TestOktaConnection()
         }
 
         [Test]
+        [Ignore("This test requires manual setup and therefore cannot be run in CI")]
         public void TestOktaConnectionUntilMaxTimeout()
         {
             var expectedMaxRetryCount = 15;
@@ -2093,6 +2094,7 @@ public void TestExplicitTransactionOperationsTracked()
 
 
         [Test]
+        [Ignore("This test requires manual setup and therefore cannot be run in CI")]
         public void TestAsyncOktaConnectionUntilMaxTimeout()
         {
             var expectedMaxRetryCount = 15;

From a572300f1d90406387118304761656d9ca39c075 Mon Sep 17 00:00:00 2001
From: sfc-gh-ext-simba-lf <lfarol@magnitude.com>
Date: Fri, 9 Feb 2024 14:18:51 -0800
Subject: [PATCH 4/7] SNOW-916949: Refactor mock class and remove skip tag

---
 .../IntegrationTests/SFConnectionIT.cs        | 38 ++++++++-----
 Snowflake.Data.Tests/Mock/MockOkta.cs         |  4 ++
 .../Mock/MockOktaRetryMaxTimeout.cs           | 55 -------------------
 Snowflake.Data.Tests/UnitTests/SFOktaTest.cs  | 18 +++---
 .../Core/Authenticator/OktaAuthenticator.cs   |  1 -
 5 files changed, 38 insertions(+), 78 deletions(-)
 delete mode 100644 Snowflake.Data.Tests/Mock/MockOktaRetryMaxTimeout.cs

diff --git a/Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs b/Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs
index f312a02bc..534d90a58 100644
--- a/Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs
+++ b/Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs
@@ -17,6 +17,7 @@ namespace Snowflake.Data.Tests.IntegrationTests
     using System.Diagnostics;
     using Snowflake.Data.Tests.Mock;
     using System.Runtime.InteropServices;
+    using System.Net.Http;
 
     [TestFixture]
     class SFConnectionIT : SFBaseTest
@@ -818,12 +819,19 @@ public void TestOktaConnection()
         }
 
         [Test]
-        [Ignore("This test requires manual setup and therefore cannot be run in CI")]
         public void TestOktaConnectionUntilMaxTimeout()
         {
             var expectedMaxRetryCount = 15;
             var expectedMaxConnectionTimeout = 450;
-            var mockRestRequester = new MockOktaRetryMaxTimeout(expectedMaxRetryCount, expectedMaxConnectionTimeout);
+            var oktaUrl = "https://test.okta.com";
+            var mockRestRequester = new MockOktaRestRequester()
+            {
+                TokenUrl = $"{oktaUrl}/api/v1/sessions?additionalFields=cookieToken",
+                SSOUrl = $"{oktaUrl}/app/testaccount/sso/saml",
+                ResponseContent = new StringContent("<form=error}"),
+                MaxRetryCount = expectedMaxRetryCount,
+                MaxRetryTimeout = expectedMaxConnectionTimeout
+            };
             using (DbConnection conn = new MockSnowflakeDbConnection(mockRestRequester))
             {
                 try
@@ -831,10 +839,8 @@ public void TestOktaConnectionUntilMaxTimeout()
                     conn.ConnectionString
                         = ConnectionStringWithoutAuth
                         + String.Format(
-                            ";authenticator={0};user={1};password={2};MAXHTTPRETRIES={3};RETRY_TIMEOUT={4};",
-                            testConfig.oktaUrl,
-                            testConfig.oktaUser,
-                            testConfig.oktaPassword,
+                            ";authenticator={0};user=test;password=test;MAXHTTPRETRIES={1};RETRY_TIMEOUT={2};",
+                            oktaUrl,
                             expectedMaxRetryCount,
                             expectedMaxConnectionTimeout);
                     conn.Open();
@@ -2094,27 +2100,31 @@ public void TestExplicitTransactionOperationsTracked()
 
 
         [Test]
-        [Ignore("This test requires manual setup and therefore cannot be run in CI")]
         public void TestAsyncOktaConnectionUntilMaxTimeout()
         {
             var expectedMaxRetryCount = 15;
             var expectedMaxConnectionTimeout = 450;
-            var mockRestRequester = new MockOktaRetryMaxTimeout(expectedMaxRetryCount, expectedMaxConnectionTimeout);
+            var oktaUrl = "https://test.okta.com";
+            var mockRestRequester = new MockOktaRestRequester()
+            {
+                TokenUrl = $"{oktaUrl}/api/v1/sessions?additionalFields=cookieToken",
+                SSOUrl = $"{oktaUrl}/app/testaccount/sso/saml",
+                ResponseContent = new StringContent("<form=error}"),
+                MaxRetryCount = expectedMaxRetryCount,
+                MaxRetryTimeout = expectedMaxConnectionTimeout
+            };
             using (DbConnection conn = new MockSnowflakeDbConnection(mockRestRequester))
             {
-                Task connectTask = null;
                 try
                 {
                     conn.ConnectionString
                         = ConnectionStringWithoutAuth
                         + String.Format(
-                            ";authenticator={0};user={1};password={2};MAXHTTPRETRIES={3};RETRY_TIMEOUT={4};",
-                            testConfig.oktaUrl,
-                            testConfig.oktaUser,
-                            testConfig.oktaPassword,
+                            ";authenticator={0};user=test;password=test;MAXHTTPRETRIES={1};RETRY_TIMEOUT={2};",
+                            oktaUrl,
                             expectedMaxRetryCount,
                             expectedMaxConnectionTimeout);
-                    connectTask = conn.OpenAsync(CancellationToken.None);
+                    Task connectTask = conn.OpenAsync(CancellationToken.None);
                     connectTask.Wait();
                     Assert.Fail();
                 }
diff --git a/Snowflake.Data.Tests/Mock/MockOkta.cs b/Snowflake.Data.Tests/Mock/MockOkta.cs
index 8c39bf74e..d83c5d1f5 100644
--- a/Snowflake.Data.Tests/Mock/MockOkta.cs
+++ b/Snowflake.Data.Tests/Mock/MockOkta.cs
@@ -16,6 +16,8 @@ class MockOktaRestRequester : IMockRestRequester
         public string TokenUrl { get; set; }
         public string SSOUrl { get; set; }
         public StringContent ResponseContent { get; set; }
+        public int MaxRetryCount { get; set; }
+        public int MaxRetryTimeout { get; set; }
 
         public T Get<T>(IRestRequest request)
         {
@@ -31,6 +33,8 @@ public Task<HttpResponseMessage> GetAsync(IRestRequest request, CancellationToke
         {
             var response = new HttpResponseMessage(System.Net.HttpStatusCode.OK);
             response.Content = ResponseContent;
+            response.Content.Headers.Add(OktaAuthenticator.RetryCountHeader, MaxRetryCount.ToString());
+            response.Content.Headers.Add(OktaAuthenticator.TimeoutElapsedHeader, MaxRetryTimeout.ToString());
             return Task.FromResult(response);
         }
 
diff --git a/Snowflake.Data.Tests/Mock/MockOktaRetryMaxTimeout.cs b/Snowflake.Data.Tests/Mock/MockOktaRetryMaxTimeout.cs
deleted file mode 100644
index 20f7c573d..000000000
--- a/Snowflake.Data.Tests/Mock/MockOktaRetryMaxTimeout.cs
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 2024 Snowflake Computing Inc. All rights reserved.
- */
-
-using Newtonsoft.Json;
-using Snowflake.Data.Core;
-using Snowflake.Data.Core.Authenticator;
-using System;
-using System.Net.Http;
-using System.Text;
-using System.Threading;
-using System.Threading.Tasks;
-
-namespace Snowflake.Data.Tests.Mock
-{
-
-    class MockOktaRetryMaxTimeout : RestRequester, IMockRestRequester
-    {
-        internal bool _forceTimeoutForNonLoginRequestsOnly = false;
-        internal int _maxRetryCount;
-        internal int _maxRetryTimeout;
-
-        public MockOktaRetryMaxTimeout(int maxRetryCount, int maxRetryTimeout) : base(null)
-        {
-            _maxRetryCount = maxRetryCount;
-            _maxRetryTimeout = maxRetryTimeout;
-        }
-
-        public void setHttpClient(HttpClient httpClient)
-        {
-            _HttpClient = httpClient;
-        }
-
-        protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage message,
-                                                              TimeSpan restTimeout,
-                                                              CancellationToken externalCancellationToken,
-                                                              string sid = "")
-        {
-            if (HttpUtil.IsOktaSSORequest(message.RequestUri.Host, message.RequestUri.AbsolutePath))
-            {
-                var mockContent = new StringContent(JsonConvert.SerializeObject("<form=error}"), Encoding.UTF8, "application/json");
-                mockContent.Headers.Add(OktaAuthenticator.RetryCountHeader, _maxRetryCount.ToString());
-                mockContent.Headers.Add(OktaAuthenticator.TimeoutElapsedHeader, _maxRetryTimeout.ToString());
-
-                return new HttpResponseMessage
-                {
-                    StatusCode = System.Net.HttpStatusCode.OK,
-                    Content = mockContent
-                };
-            }
-
-            return await base.SendAsync(message, restTimeout, externalCancellationToken).ConfigureAwait(false);
-        }
-    }
-}
diff --git a/Snowflake.Data.Tests/UnitTests/SFOktaTest.cs b/Snowflake.Data.Tests/UnitTests/SFOktaTest.cs
index 8b5c9dc55..db07f1c66 100644
--- a/Snowflake.Data.Tests/UnitTests/SFOktaTest.cs
+++ b/Snowflake.Data.Tests/UnitTests/SFOktaTest.cs
@@ -1,7 +1,6 @@
 using NUnit.Framework;
 using Snowflake.Data.Client;
 using Snowflake.Data.Core;
-using Snowflake.Data.Core.Authenticator;
 using System.Net.Http;
 
 namespace Snowflake.Data.Tests.UnitTests
@@ -12,6 +11,9 @@ class SFOktaTest
         StringContent wrongPostbackContent = new StringContent(" < !DOCTYPE html >< html lang =\"en\"><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/><meta name=\"robots\" content=\"noarchive\"/><meta name=\"googlebot\" content=\"noarchive\"/><meta name=\"robots\" content=\"noindex\" />\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge\" />\n<meta name=\"apple-mobile-web-app-capable\" content=\"yes\"><meta name=\"googlebot\" content=\"noindex\" />\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n<meta name=\"robots\" content=\"none\" />\n\n<link href=\"https://ok3static.oktacdn.com/assets/img/icons/favicons/favicon-16x16.c55b69ae49b08edc7c000d12b8e5483f.png\" rel=\"icon\" type=\"image/png\" sizes=\"16x16\"/><link href=\"https://ok3static.oktacdn.com/assets/img/icons/favicons/favicon-32x32.99bc356b6e293b927f9e3a2b69761c26.png\" rel=\"icon\" type=\"image/png\" sizes=\"32x32\"/><link href=\"https://ok3static.oktacdn.com/assets/img/icons/favicons/favicon-96x96.de98828614fa33ca04fcfaa07679f345.png\" rel=\"icon\" type=\"image/png\" sizes=\"96x96\"/><meta name=\"msapplication-TileColor\" content=\"#ffffff\">\n<meta name=\"msapplication-TileImage\" content=\"/img/icons/favicons/ms-icon-144x144.png\">\n<meta name=\"application-name\" content=\"Okta\"/>\n<meta name=\"theme-color\" content=\"#ffffff\">\n<meta name=\"msapplication-config\" content=\"/img/icons/favicons/browserconfig.xml\"/>\n\n<title>Snowflake - Signing in...</title>\n<!--[if IE]><link href=\"https://ok3static.oktacdn.com/assets/css/ie/ie.57ba8b295e567530b9a1b92e266a6eae.css\" type=\"text/css\" rel=\"stylesheet\"/><![endif]-->\n<!--[if gte IE 9]><link href=\"https://ok3static.oktacdn.com/assets/css/ie/ie9.0d563c6ff0555c4086c6606c3e6387e5.css\" type=\"text/css\" rel=\"stylesheet\"/><![endif]-->\n\n<script>if (typeof module === 'object') {window.module = module; module = undefined;}</script>\n\n<script>\n    var okta = {\n        migrateMute: true,\n        locale: 'en',\n        debug: false,\n        deployEnv: 'PROD',\n        userId: '00u141kzp5sTIufWw1d8',\n        settings: {\n            orgId: '00oy3jwwiqWBAGOLOWLT',\n            orgName: 'Snowflake',\n            serverStatus: 'ACTIVE',\n            persona: '',\n            isDeveloperConsole: '' === 'true',\n            isPreview: 'false' === 'true',\n            permissions: []\n        },\n        logHasFeatureError: function(message) {\n            var xhr = new XMLHttpRequest();\n            xhr.open('POST', '/api/internal/client-logging/has-feature-error', true);\n            xhr.setRequestHeader('Content-Type', 'application/json');\n            xhr.send(JSON.stringify({\n              message: message\n            }));\n        }\n\n    };\n</script>\n<script>var _features=[\"MONTHLY_FLAG_2019_01\",\"MONTHLY_FLAG_2018_12\",\"DEV_APPS\",\"MONTHLY_FLAG_2019_04\",\"MONTHLY_FLAG_2018_10\",\"MONTHLY_FLAG_2018_09\",\"MONTHLY_FLAG_2019_05\",\"APP_NOTES\",\"MONTHLY_FLAG_2019_02\",\"MONTHLY_FLAG_2018_11\",\"API_ACCESS_MANAGEMENT\",\"MONTHLY_FLAG_2019_03\"];</script><script>\n      window._features = window._features || [];\n      _features.push('DEV_CONSOLE');\n    </script>\n<script>window.okta || (window.okta = {}); okta.cdnUrlHostname = \"//ok3static.oktacdn.com\"; okta.cdnPerformCheck = false;</script><script>window.okta || (window.okta = {});window.okta.mixpanel = true;window.okta.mixpanelTrackingSamplingFactors = {\"_DEFAULT\":1.0};</script><script src=\"https://ok3static.oktacdn.com/assets/js/jquery-1.12.4.min.e93c5a2265fbe2a3e96fe19159fc9a84.js\" crossorigin=\"anonymous\" integrity=\"sha384-KA5uVfsh/aGN4nZ9iqQ+CAYy0emdYEnjgFsPzqxBi2AMeqLX5qoCiY4ICzIg61TX\" type=\"text/javascript\"></script><!--[if lt IE 9]><script src=\"https://ok3static.oktacdn.com/assets/enduser/js/vendor/css3-mediaqueries.fa295f0132f5335f352071ca3613a94a.js\" crossorigin=\"anonymous\" integrity=\"sha384-7pU2GSgyec3nzQMUNSuzanfJelP9UCOyHil0bOv+WnPKSS9lNA/tcxPyr7NV2w6c\" type=\"text/javascript\"></script><![endif]-->\n\n<script>if (window.module) module = window.module;</script>\n\n</head>\n<body id=\"app\" class=\"enduser-app  \">\n<noscript><div id=\"noscript-mask\"></div><div id=\"noscript-msg\" class=\"infobox infobox-warning infobox-compact\"><span class=\"icon warning-16\"></span><h3>Javascript is disabled on your browser.</h3><p>Please enable Javascript and refresh this page to use Okta.</p></div></noscript>\n\n<div id=\"container\">\n<link href=\"https://ok3static.oktacdn.com/assets/css/sections/interstitial.8c2f4a8544ec4c72abb54659e8a83b0e.css\" type=\"text/css\" rel=\"stylesheet\"/><script>\n    var interstitialMinWaitTime = 1200;\n    </script>\n<!--[if lte IE 9]>\n            <style type=\"text/css\">\n                #okta-auth-spin {\n                    top: 35%;\n                }\n            </style>\n        <![endif]-->\n\n        <!--[if lte IE 8]>\n            <style type=\"text/css\">\n                #okta-auth-band {\n                    height: 200px;\n                }\n            </style>\n        <![endif]-->\n\n        <div id=\"okta-interstitial-wrap\">\n                <div class=\"okta-auth-mask-new-interstitial\"></div>\n        <div class=\"new-interstitial\" id=\"new-interstitial\">\n        <div id=\"okta-auth-band\">\n            <img src=\"https://ok3static.oktacdn.com/assets/img/ui/indicators/new_interstitial_static.9481d4731547cec09b26be142dbeec61.png\" width=\"376\" height=\"160\" alt=\"Please wait\" class=\"new-img-static\"/><img src=\"https://ok3static.oktacdn.com/assets/img/ui/indicators/new_interstitial.c41c3b6f3a84458aca9a5919f238fbe3.gif\" width=\"376\" height=\"160\" alt=\"Please wait\" class=\"new-img\"/><img src=\"https://ok3static.oktacdn.com/assets/img/logos/okta_watermark.4a7f2ccf7d0a787cff6f59fb67f72843.png\" width=\"106\" height=\"36\" alt=\"Okta\" class=\"okta-logo\"/><div id=\"okta-auth-spin\"></div>\n                    <div id=\"okta-auth-spin-small\"></div>\n                <h1 id=\"okta-auth-heading\" class ='signing-in-text'>Signing in to TESTACCOUNT (regression)</h1>\n        </div>\n        </div> <!--new-interstitial -->\n        </div> <!--okta-interstitial-wrap -->\n\n        <script type=\"text/javascript\">\n            $(function(){\n                var isFFSVGFixEnabled = 'false';\n                if ($('#okta-auth-spin').hasClass('android-spinner')) {\n                    return;\n                }\n\n                // Remove gif animation for Safari\n                var isSafari = /AppleWebKit/.test(navigator.userAgent) && !/Chrome/.test(navigator.userAgent) && /Apple Computer/.test(navigator.vendor);\n                if (isFFSVGFixEnabled && isSafari) {\n                    $('.new-img').hide(0);\n                } else {\n                    $('.new-img').on('load', function(evt){\n                        //gif loaded correctly, fade out static asset and fade in gif\n                        //making sure we show the graphic before the form submit happens in 200ms\n                        $('.new-img-static').hide(0,function(){\n                            $('.new-img').show(0);\n                        });\n                    });\n                }\n\n                //For cached images with src the load event fires just before you add a listener for it. Hence setting the source again to make sure the event handlers fire in the right order.\n                var assetUrl = $('.new-img').attr('src');\n                $('.new-img').attr('src', assetUrl);\n\n                var standard = document.getElementById('okta-auth-spin');\n                var small = document.getElementById('okta-auth-spin-small');\n\n                var optsStandard = {\n                    lines: 9, // The number of lines to draw\n                    length: 0, // The length of each line\n                    width: 8, // The line thickness\n                    radius: 21, // The radius of the inner circle\n                    corners: 1, // Corner roundness (0..1)\n                    rotate: 0, // The rotation offset\n                    direction: 1, // 1: clockwise, -1: counterclockwise\n                    color: '#fff', // #rgb or #rrggbb\n                    speed: 1, // Rounds per second\n                    trail: 60, // Afterglow percentage\n                    shadow: false, // Whether to render a shadow\n                    hwaccel: false, // Whether to use hardware acceleration\n                    className: 'okta-auth-spinner', // The CSS class to assign to the spinner\n                    zIndex: 2e9, // The z-index (defaults to 2000000000)\n                    top: 'auto', // Top position relative to parent in px\n                    left: 'auto' // Left position relative to parent in px\n                };\n\n                var optsSmall = {\n                    lines: 9, // The number of lines to draw\n                    length: 0, // The length of each line\n                    width: 6, // The line thickness\n                    radius: 14, // The radius of the inner circle\n                    corners: 1, // Corner roundness (0..1)\n                    rotate: 0, // The rotation offset\n                    direction: 1, // 1: clockwise, -1: counterclockwise\n                    color: '#fff', // #rgb or #rrggbb\n                    speed: 1, // Rounds per second\n                    trail: 60, // Afterglow percentage\n                    shadow: false, // Whether to render a shadow\n                    hwaccel: false, // Whether to use hardware acceleration\n                    className: 'okta-auth-spinner', // The CSS class to assign to the spinner\n                    zIndex: 2e9, // The z-index (defaults to 2000000000)\n                    top: 'auto', // Top position relative to parent in px\n                    left: 'auto' // Left position relative to parent in px\n                };\n                if (typeof Spinner === 'function') {\n                    var spinnerStandard = new Spinner(optsStandard);\n                    var spinnerSmall = new Spinner(optsSmall);\n\n                    spinnerStandard.spin(standard);\n                    spinnerSmall.spin(small);\n                }\n\n            });\n        </script>\n    <form id=\"appForm\" action=\"http&#x3a;&#x2f;&#x2f;testaccount.dev.snowflakecomputing.com&#x3a;8082&#x2f;fed&#x2f;login\" method=\"POST\">\n    <input name=\"SAMLResponse\" type=\"hidden\" value=\"PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJwOlJlc3BvbnNlIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBEZXN0aW5hdGlvbj0iaHR0cDovL3Rlc3RhY2NvdW50LnNub3dmbGFrZWNvbXB1dGluZy5jb206ODA4Mi9mZWQvbG9naW4iIElEPSJpZDM2OTI3Nzc0NDA0Njg3NDIxODk5NjI5MTcwIiBJc3N1ZUluc3RhbnQ9IjIwMTktMDUtMjhUMjE6MzQ6MTkuMzI2WiIgVmVyc2lvbj0iMi4wIj48c2FtbDI6SXNzdWVyIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI&#x2b;aHR0cDovL3d3dy5va3RhLmNvbS9leGsxYTU1aWtwelcxVlBWcjFkODwvc2FtbDI6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8&#x2b;PGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiLz48ZHM6UmVmZXJlbmNlIFVSST0iI2lkMzY5Mjc3NzQ0MDQ2ODc0MjE4OTk2MjkxNzAiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM&#x2b;PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkczpEaWdlc3RWYWx1ZT5hUDYvbUhGMFFKTUdkWlJSNlVYZ2o0QW9HaW5WMnF3VHBRVytEVzVHcnJFPTwvZHM6RGlnZXN0VmFsdWU&#x2b;PC9kczpSZWZlcmVuY2U&#x2b;PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5KNlYrYVFMaTRTVGR3NXFmWEU3czRrVS9ycHRDaWYvM0liUnRWaWc4K2Y1SldMWDdiaVlqZExueWlhRHpObGRVYXJzeGQzRDd5eHkzUWNyZ2hCRlp3ZGVlbFR5b3krWmZFSzltd3NnTm9wMTFKTktneHRsNTRnNmhiSUlOaXVVOEhxOExUNUs2SXAzZE5ZN1E1WFV2U09rTVUwZUg5M3ZDMExVaWVYZDJBektqSUtaa3lZNmlDdi9BSis5SUNvQk9FMHBTZnl2RjNiZjRWRmhWQkwvSVBFMFg1eTBIZzFERmNZWXhqaVhrYXU2cmN2NjBDcEZ6ejdxaFJCOTJyWDEyMm0zRHlaR3ZVVHJEalVsRXd0Mk0yazhyNy8zWjlURWc2VE9wc3ovMmNEME1xTHBNOWJtenpkZWQ4MzZoUC83WlJiUG5UNGM0OHAvakRCMXNieTMyS1E9PTwvZHM6U2lnbmF0dXJlVmFsdWU&#x2b;PGRzOktleUluZm8&#x2b;PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU&#x2b;TUlJRHREQ0NBcHlnQXdJQkFnSUdBVmhLZEhkc01BMEdDU3FHU0liM0RRRUJDd1VBTUlHYU1Rc3dDUVlEVlFRR0V3SlZVekVUTUJFRwpBMVVFQ0F3S1EyRnNhV1p2Y201cFlURVdNQlFHQTFVRUJ3d05VMkZ1SUVaeVlXNWphWE5qYnpFTk1Bc0dBMVVFQ2d3RVQydDBZVEVVCk1CSUdBMVVFQ3d3TFUxTlBVSEp2ZG1sa1pYSXhHekFaQmdOVkJBTU1Fbk51YjNkbWJHRnJaV052YlhCMWRHbHVaekVjTUJvR0NTcUcKU0liM0RRRUpBUllOYVc1bWIwQnZhM1JoTG1OdmJUQWVGdzB4TmpFeE1Ea3hPRFUzTVRaYUZ3MHlOakV4TURreE9EVTRNVFphTUlHYQpNUXN3Q1FZRFZRUUdFd0pWVXpFVE1CRUdBMVVFQ0F3S1EyRnNhV1p2Y201cFlURVdNQlFHQTFVRUJ3d05VMkZ1SUVaeVlXNWphWE5qCmJ6RU5NQXNHQTFVRUNnd0VUMnQwWVRFVU1CSUdBMVVFQ3d3TFUxTlBVSEp2ZG1sa1pYSXhHekFaQmdOVkJBTU1Fbk51YjNkbWJHRnIKWldOdmJYQjFkR2x1WnpFY01Cb0dDU3FHU0liM0RRRUpBUllOYVc1bWIwQnZhM1JoTG1OdmJUQ0NBU0l3RFFZSktvWklodmNOQVFFQgpCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFMY1VadDZEMVh0ck1Mc08rakp4cS95R29LV1JBbXRTeU9kSVhITEVkMWppSFNuUkxOdEM5VldaClNHVTVZcTliSDlrR0x3NDZrVWZXcXlGb05rM2VQOVVQRlY2NUZ3emtrU24rNDhYMkl4WXBHUjcwSnJjYlBBS3l6VlR4M1U5NXkrZ0MKaUlkSjdsWUFNNWxCaUY5UTgxVjE5RzA2cHpsbzBSVlpPQ09sbHZCU2RrUnJiQXhlRGNTN2tSRElxUGh6SHdIM1hWOWpmLzRjZVhmUQpCUXZjKzIxWEZnTzRXTmtrWUxlemllYzQzNkd2aittRmRLVHhiTktpQmdxbnQ5VUZmM3hxdG01ajlyTDdHQ0VtNmVnL0dhdW84VFZNCng3c21GSVBkZVNrUmRFVytxU2tPbjlHdzhZZHNEY2UzRTRjVXlnY3o1WjZMakFRbGNVYVNaVTlqZlpNQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQVFFQVdURmowVXkwQ0xGbThYdzh3dlhjQlA3aU5vMjFIcS9rbStJL0UzbnVKMDlPcmlFamMwRGJyZ0ZvN3ZqSQpxSUU4YWEyM2J3eUlBbEZZQzZ3NlF6TFpIeG9EbnpLU1FRSEM5NXVEYW9XcXVvWTdYb3UvSjlvQjJtQy8vL0l5ME1OOHljWCs1YnRuClM2cWRWVnVXaE9HMEMrOXg4UGIydW1DNlFUcXBTZ3E0U01nV0VOellFUnZaRDgzTTFsZzY5aElZaVRqZ2tCMU1FQXZWbUs0N0M2UlgKQXZzMld1T0Vkc1V3M1g4T0FSLzh4TWlpamt3ZzByeU93TGxONzRHZGphTEVnWU5PM0tqdjNiOEh3UlJKMXdkekxZV0tBaXFXb1R3aQpXcGNZcytlbVlPcVZSNTJzR1NGYnQrbmEzVStFZXRtVStPa0J1TjhIcXJYVFY5ekFmZTE3SGc9PTwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE&#x2b;PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sMnA6U3RhdHVzIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48c2FtbDJwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbDJwOlN0YXR1cz48c2FtbDI6QXNzZXJ0aW9uIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iaWQzNjkyNzc3NDQwNTUxMTYwMTQ1MDQ4NjgyOSIgSXNzdWVJbnN0YW50PSIyMDE5LTA1LTI4VDIxOjM0OjE5LjMyNloiIFZlcnNpb249IjIuMCI&#x2b;PHNhbWwyOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHA6Ly93d3cub2t0YS5jb20vZXhrMWE1NWlrcHpXMVZQVnIxZDg8L3NhbWwyOklzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2Ii8&#x2b;PGRzOlJlZmVyZW5jZSBVUkk9IiNpZDM2OTI3Nzc0NDA1NTExNjAxNDUwNDg2ODI5Ij48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8&#x2b;PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48ZHM6RGlnZXN0VmFsdWU&#x2b;VUQ0SHNVNzRCbGFSNjcxTnJBaFVvNWJqYlpEemJwTnp0SVpza2lJMGRkTT08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU&#x2b;aVA0emZWQVJsdTVaM0gya3B4V0hYeVNpZzZabERKdXdvd0FobW95Wmg3VmxPK0txaGdvYXBrTGxxNW1FTTdhTXg3V3VodjBRM0luNjlaYjl6UGJqaWpsYWQzWW4vTTRDVGVveFZBV0dUN1VtMDhJdnBsc2NEK1RKSks1WG9BRWZVcGp3MVlzczgycEJhVlgwbVp1citla1Y1MEhvUUhsb1FUTUpDeHJ4aXB0aXBSSmhlblR5QVBQelVDQ3R5K1crenNKaWZTdnRLNWFEcmEvSnlRMFJyRWNlakdKRjlrbFlFUnVwNGE1QlpMSmlKQ1JLWXZzOCtYWlhjakVMV1RIWUpHMjUvZXRBVVgvQ3drU3h6WlYzckU4ZjVMbU9iTTJGTTg5bjE5aHJTc0tmUWFhdkU3WDBEeURJTU5GNHpoZndFcTVUZTJaWXdRMnczRHZHazBBekxRPT08L2RzOlNpZ25hdHVyZVZhbHVlPjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUR0RENDQXB5Z0F3SUJBZ0lHQVZoS2RIZHNNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1JR2FNUXN3Q1FZRFZRUUdFd0pWVXpFVE1CRUcKQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVXTUJRR0ExVUVCd3dOVTJGdUlFWnlZVzVqYVhOamJ6RU5NQXNHQTFVRUNnd0VUMnQwWVRFVQpNQklHQTFVRUN3d0xVMU5QVUhKdmRtbGtaWEl4R3pBWkJnTlZCQU1NRW5OdWIzZG1iR0ZyWldOdmJYQjFkR2x1WnpFY01Cb0dDU3FHClNJYjNEUUVKQVJZTmFXNW1iMEJ2YTNSaExtTnZiVEFlRncweE5qRXhNRGt4T0RVM01UWmFGdzB5TmpFeE1Ea3hPRFU0TVRaYU1JR2EKTVFzd0NRWURWUVFHRXdKVlV6RVRNQkVHQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVXTUJRR0ExVUVCd3dOVTJGdUlFWnlZVzVqYVhOagpiekVOTUFzR0ExVUVDZ3dFVDJ0MFlURVVNQklHQTFVRUN3d0xVMU5QVUhKdmRtbGtaWEl4R3pBWkJnTlZCQU1NRW5OdWIzZG1iR0ZyClpXTnZiWEIxZEdsdVp6RWNNQm9HQ1NxR1NJYjNEUUVKQVJZTmFXNW1iMEJ2YTNSaExtTnZiVENDQVNJd0RRWUpLb1pJaHZjTkFRRUIKQlFBRGdnRVBBRENDQVFvQ2dnRUJBTGNVWnQ2RDFYdHJNTHNPK2pKeHEveUdvS1dSQW10U3lPZElYSExFZDFqaUhTblJMTnRDOVZXWgpTR1U1WXE5Ykg5a0dMdzQ2a1VmV3F5Rm9OazNlUDlVUEZWNjVGd3pra1NuKzQ4WDJJeFlwR1I3MEpyY2JQQUt5elZUeDNVOTV5K2dDCmlJZEo3bFlBTTVsQmlGOVE4MVYxOUcwNnB6bG8wUlZaT0NPbGx2QlNka1JyYkF4ZURjUzdrUkRJcVBoekh3SDNYVjlqZi80Y2VYZlEKQlF2YysyMVhGZ080V05ra1lMZXppZWM0MzZHdmorbUZkS1R4Yk5LaUJncW50OVVGZjN4cXRtNWo5ckw3R0NFbTZlZy9HYXVvOFRWTQp4N3NtRklQZGVTa1JkRVcrcVNrT245R3c4WWRzRGNlM0U0Y1V5Z2N6NVo2TGpBUWxjVWFTWlU5amZaTUNBd0VBQVRBTkJna3Foa2lHCjl3MEJBUXNGQUFPQ0FRRUFXVEZqMFV5MENMRm04WHc4d3ZYY0JQN2lObzIxSHEva20rSS9FM251SjA5T3JpRWpjMERicmdGbzd2akkKcUlFOGFhMjNid3lJQWxGWUM2dzZRekxaSHhvRG56S1NRUUhDOTV1RGFvV3F1b1k3WG91L0o5b0IybUMvLy9JeTBNTjh5Y1grNWJ0bgpTNnFkVlZ1V2hPRzBDKzl4OFBiMnVtQzZRVHFwU2dxNFNNZ1dFTnpZRVJ2WkQ4M00xbGc2OWhJWWlUamdrQjFNRUF2Vm1LNDdDNlJYCkF2czJXdU9FZHNVdzNYOE9BUi84eE1paWprd2cwcnlPd0xsTjc0R2RqYUxFZ1lOTzNLanYzYjhId1JSSjF3ZHpMWVdLQWlxV29Ud2kKV3BjWXMrZW1ZT3FWUjUyc0dTRmJ0K25hM1UrRWV0bVUrT2tCdU44SHFyWFRWOXpBZmUxN0hnPT08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbDI6U3ViamVjdCB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI&#x2b;PHNhbWwyOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OnVuc3BlY2lmaWVkIj5xYUBzbm93Zmxha2Vjb21wdXRpbmcuY29tPC9zYW1sMjpOYW1lSUQ&#x2b;PHNhbWwyOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDI6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDE5LTA1LTI4VDIxOjM5OjE5LjMyNloiIFJlY2lwaWVudD0iaHR0cDovL3Rlc3RhY2NvdW50LnNub3dmbGFrZWNvbXB1dGluZy5jb206ODA4Mi9mZWQvbG9naW4iLz48L3NhbWwyOlN1YmplY3RDb25maXJtYXRpb24&#x2b;PC9zYW1sMjpTdWJqZWN0PjxzYW1sMjpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxOS0wNS0yOFQyMToyOToxOS4zMjZaIiBOb3RPbk9yQWZ0ZXI9IjIwMTktMDUtMjhUMjE6Mzk6MTkuMzI2WiIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjxzYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sMjpBdWRpZW5jZT5odHRwOi8vdGVzdGFjY291bnQuc25vd2ZsYWtlY29tcHV0aW5nLmNvbTo4MDgyL2ZlZC9sb2dpbjwvc2FtbDI6QXVkaWVuY2U&#x2b;PC9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDI6Q29uZGl0aW9ucz48c2FtbDI6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE5LTA1LTI4VDIxOjM0OjE5LjMyNloiIFNlc3Npb25JbmRleD0iaWQxNTU5MDc5MjU5MzI2LjQ0NjkwMzY4OCIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjxzYW1sMjpBdXRobkNvbnRleHQ&#x2b;PHNhbWwyOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0PC9zYW1sMjpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWwyOkF1dGhuQ29udGV4dD48L3NhbWwyOkF1dGhuU3RhdGVtZW50Pjwvc2FtbDI6QXNzZXJ0aW9uPjwvc2FtbDJwOlJlc3BvbnNlPg&#x3d;&#x3d;\"/>\n    <input name=\"RelayState\" type=\"hidden\" value=\"&#x2f;some&#x2f;deep&#x2f;link\"/>\n</form>\n\n<script src=\"https://ok3static.oktacdn.com/assets/js/app/sso/interstitial.474dce61acfac4a4d016921943cf2a68.js\" crossorigin=\"anonymous\" integrity=\"sha384-rIRjIHrr5XnyB1DG8t+uL1F3e5asM+gYMial0fj56hCWADEBdp3BiwtOAnNpU7Zc\" type=\"text/javascript\"></script></div>\n<!-- close #container -->\n</body>\n</html>\n");
         StringContent noPostbackContent = new StringContent(" < !DOCTYPE html >< html lang =\"en\"><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/><meta name=\"robots\" content=\"noarchive\"/><meta name=\"googlebot\" content=\"noarchive\"/><meta name=\"robots\" content=\"noindex\" />\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge\" />\n<meta name=\"apple-mobile-web-app-capable\" content=\"yes\"><meta name=\"googlebot\" content=\"noindex\" />\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n<meta name=\"robots\" content=\"none\" />\n\n<link href=\"https://ok3static.oktacdn.com/assets/img/icons/favicons/favicon-16x16.c55b69ae49b08edc7c000d12b8e5483f.png\" rel=\"icon\" type=\"image/png\" sizes=\"16x16\"/><link href=\"https://ok3static.oktacdn.com/assets/img/icons/favicons/favicon-32x32.99bc356b6e293b927f9e3a2b69761c26.png\" rel=\"icon\" type=\"image/png\" sizes=\"32x32\"/><link href=\"https://ok3static.oktacdn.com/assets/img/icons/favicons/favicon-96x96.de98828614fa33ca04fcfaa07679f345.png\" rel=\"icon\" type=\"image/png\" sizes=\"96x96\"/><meta name=\"msapplication-TileColor\" content=\"#ffffff\">\n<meta name=\"msapplication-TileImage\" content=\"/img/icons/favicons/ms-icon-144x144.png\">\n<meta name=\"application-name\" content=\"Okta\"/>\n<meta name=\"theme-color\" content=\"#ffffff\">\n<meta name=\"msapplication-config\" content=\"/img/icons/favicons/browserconfig.xml\"/>\n\n<title>Snowflake - Signing in...</title>\n<!--[if IE]><link href=\"https://ok3static.oktacdn.com/assets/css/ie/ie.57ba8b295e567530b9a1b92e266a6eae.css\" type=\"text/css\" rel=\"stylesheet\"/><![endif]-->\n<!--[if gte IE 9]><link href=\"https://ok3static.oktacdn.com/assets/css/ie/ie9.0d563c6ff0555c4086c6606c3e6387e5.css\" type=\"text/css\" rel=\"stylesheet\"/><![endif]-->\n\n<script>if (typeof module === 'object') {window.module = module; module = undefined;}</script>\n\n<script>\n    var okta = {\n        migrateMute: true,\n        locale: 'en',\n        debug: false,\n        deployEnv: 'PROD',\n        userId: '00u141kzp5sTIufWw1d8',\n        settings: {\n            orgId: '00oy3jwwiqWBAGOLOWLT',\n            orgName: 'Snowflake',\n            serverStatus: 'ACTIVE',\n            persona: '',\n            isDeveloperConsole: '' === 'true',\n            isPreview: 'false' === 'true',\n            permissions: []\n        },\n        logHasFeatureError: function(message) {\n            var xhr = new XMLHttpRequest();\n            xhr.open('POST', '/api/internal/client-logging/has-feature-error', true);\n            xhr.setRequestHeader('Content-Type', 'application/json');\n            xhr.send(JSON.stringify({\n              message: message\n            }));\n        }\n\n    };\n</script>\n<script>var _features=[\"MONTHLY_FLAG_2019_01\",\"MONTHLY_FLAG_2018_12\",\"DEV_APPS\",\"MONTHLY_FLAG_2019_04\",\"MONTHLY_FLAG_2018_10\",\"MONTHLY_FLAG_2018_09\",\"MONTHLY_FLAG_2019_05\",\"APP_NOTES\",\"MONTHLY_FLAG_2019_02\",\"MONTHLY_FLAG_2018_11\",\"API_ACCESS_MANAGEMENT\",\"MONTHLY_FLAG_2019_03\"];</script><script>\n      window._features = window._features || [];\n      _features.push('DEV_CONSOLE');\n    </script>\n<script>window.okta || (window.okta = {}); okta.cdnUrlHostname = \"//ok3static.oktacdn.com\"; okta.cdnPerformCheck = false;</script><script>window.okta || (window.okta = {});window.okta.mixpanel = true;window.okta.mixpanelTrackingSamplingFactors = {\"_DEFAULT\":1.0};</script><script src=\"https://ok3static.oktacdn.com/assets/js/jquery-1.12.4.min.e93c5a2265fbe2a3e96fe19159fc9a84.js\" crossorigin=\"anonymous\" integrity=\"sha384-KA5uVfsh/aGN4nZ9iqQ+CAYy0emdYEnjgFsPzqxBi2AMeqLX5qoCiY4ICzIg61TX\" type=\"text/javascript\"></script><!--[if lt IE 9]><script src=\"https://ok3static.oktacdn.com/assets/enduser/js/vendor/css3-mediaqueries.fa295f0132f5335f352071ca3613a94a.js\" crossorigin=\"anonymous\" integrity=\"sha384-7pU2GSgyec3nzQMUNSuzanfJelP9UCOyHil0bOv+WnPKSS9lNA/tcxPyr7NV2w6c\" type=\"text/javascript\"></script><![endif]-->\n\n<script>if (window.module) module = window.module;</script>\n\n</head>\n<body id=\"app\" class=\"enduser-app  \">\n<noscript><div id=\"noscript-mask\"></div><div id=\"noscript-msg\" class=\"infobox infobox-warning infobox-compact\"><span class=\"icon warning-16\"></span><h3>Javascript is disabled on your browser.</h3><p>Please enable Javascript and refresh this page to use Okta.</p></div></noscript>\n\n<div id=\"container\">\n<link href=\"https://ok3static.oktacdn.com/assets/css/sections/interstitial.8c2f4a8544ec4c72abb54659e8a83b0e.css\" type=\"text/css\" rel=\"stylesheet\"/><script>\n    var interstitialMinWaitTime = 1200;\n    </script>\n<!--[if lte IE 9]>\n            <style type=\"text/css\">\n                #okta-auth-spin {\n                    top: 35%;\n                }\n            </style>\n        <![endif]-->\n\n        <!--[if lte IE 8]>\n            <style type=\"text/css\">\n                #okta-auth-band {\n                    height: 200px;\n                }\n            </style>\n        <![endif]-->\n\n        <div id=\"okta-interstitial-wrap\">\n                <div class=\"okta-auth-mask-new-interstitial\"></div>\n        <div class=\"new-interstitial\" id=\"new-interstitial\">\n        <div id=\"okta-auth-band\">\n            <img src=\"https://ok3static.oktacdn.com/assets/img/ui/indicators/new_interstitial_static.9481d4731547cec09b26be142dbeec61.png\" width=\"376\" height=\"160\" alt=\"Please wait\" class=\"new-img-static\"/><img src=\"https://ok3static.oktacdn.com/assets/img/ui/indicators/new_interstitial.c41c3b6f3a84458aca9a5919f238fbe3.gif\" width=\"376\" height=\"160\" alt=\"Please wait\" class=\"new-img\"/><img src=\"https://ok3static.oktacdn.com/assets/img/logos/okta_watermark.4a7f2ccf7d0a787cff6f59fb67f72843.png\" width=\"106\" height=\"36\" alt=\"Okta\" class=\"okta-logo\"/><div id=\"okta-auth-spin\"></div>\n                    <div id=\"okta-auth-spin-small\"></div>\n                <h1 id=\"okta-auth-heading\" class ='signing-in-text'>Signing in to TESTACCOUNT (regression)</h1>\n        </div>\n        </div> <!--new-interstitial -->\n        </div> <!--okta-interstitial-wrap -->\n\n        <script type=\"text/javascript\">\n            $(function(){\n                var isFFSVGFixEnabled = 'false';\n                if ($('#okta-auth-spin').hasClass('android-spinner')) {\n                    return;\n                }\n\n                // Remove gif animation for Safari\n                var isSafari = /AppleWebKit/.test(navigator.userAgent) && !/Chrome/.test(navigator.userAgent) && /Apple Computer/.test(navigator.vendor);\n                if (isFFSVGFixEnabled && isSafari) {\n                    $('.new-img').hide(0);\n                } else {\n                    $('.new-img').on('load', function(evt){\n                        //gif loaded correctly, fade out static asset and fade in gif\n                        //making sure we show the graphic before the form submit happens in 200ms\n                        $('.new-img-static').hide(0,function(){\n                            $('.new-img').show(0);\n                        });\n                    });\n                }\n\n                //For cached images with src the load event fires just before you add a listener for it. Hence setting the source again to make sure the event handlers fire in the right order.\n                var assetUrl = $('.new-img').attr('src');\n                $('.new-img').attr('src', assetUrl);\n\n                var standard = document.getElementById('okta-auth-spin');\n                var small = document.getElementById('okta-auth-spin-small');\n\n                var optsStandard = {\n                    lines: 9, // The number of lines to draw\n                    length: 0, // The length of each line\n                    width: 8, // The line thickness\n                    radius: 21, // The radius of the inner circle\n                    corners: 1, // Corner roundness (0..1)\n                    rotate: 0, // The rotation offset\n                    direction: 1, // 1: clockwise, -1: counterclockwise\n                    color: '#fff', // #rgb or #rrggbb\n                    speed: 1, // Rounds per second\n                    trail: 60, // Afterglow percentage\n                    shadow: false, // Whether to render a shadow\n                    hwaccel: false, // Whether to use hardware acceleration\n                    className: 'okta-auth-spinner', // The CSS class to assign to the spinner\n                    zIndex: 2e9, // The z-index (defaults to 2000000000)\n                    top: 'auto', // Top position relative to parent in px\n                    left: 'auto' // Left position relative to parent in px\n                };\n\n                var optsSmall = {\n                    lines: 9, // The number of lines to draw\n                    length: 0, // The length of each line\n                    width: 6, // The line thickness\n                    radius: 14, // The radius of the inner circle\n                    corners: 1, // Corner roundness (0..1)\n                    rotate: 0, // The rotation offset\n                    direction: 1, // 1: clockwise, -1: counterclockwise\n                    color: '#fff', // #rgb or #rrggbb\n                    speed: 1, // Rounds per second\n                    trail: 60, // Afterglow percentage\n                    shadow: false, // Whether to render a shadow\n                    hwaccel: false, // Whether to use hardware acceleration\n                    className: 'okta-auth-spinner', // The CSS class to assign to the spinner\n                    zIndex: 2e9, // The z-index (defaults to 2000000000)\n                    top: 'auto', // Top position relative to parent in px\n                    left: 'auto' // Left position relative to parent in px\n                };\n                if (typeof Spinner === 'function') {\n                    var spinnerStandard = new Spinner(optsStandard);\n                    var spinnerSmall = new Spinner(optsSmall);\n\n                    spinnerStandard.spin(standard);\n                    spinnerSmall.spin(small);\n                }\n\n            });\n        </script>\n    <form id=\"appForm\" method=\"POST\">\n    <input name=\"SAMLResponse\" type=\"hidden\" value=\"PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJwOlJlc3BvbnNlIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBEZXN0aW5hdGlvbj0iaHR0cDovL3Rlc3RhY2NvdW50LnNub3dmbGFrZWNvbXB1dGluZy5jb206ODA4Mi9mZWQvbG9naW4iIElEPSJpZDM2OTI3Nzc0NDA0Njg3NDIxODk5NjI5MTcwIiBJc3N1ZUluc3RhbnQ9IjIwMTktMDUtMjhUMjE6MzQ6MTkuMzI2WiIgVmVyc2lvbj0iMi4wIj48c2FtbDI6SXNzdWVyIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI&#x2b;aHR0cDovL3d3dy5va3RhLmNvbS9leGsxYTU1aWtwelcxVlBWcjFkODwvc2FtbDI6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8&#x2b;PGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiLz48ZHM6UmVmZXJlbmNlIFVSST0iI2lkMzY5Mjc3NzQ0MDQ2ODc0MjE4OTk2MjkxNzAiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM&#x2b;PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkczpEaWdlc3RWYWx1ZT5hUDYvbUhGMFFKTUdkWlJSNlVYZ2o0QW9HaW5WMnF3VHBRVytEVzVHcnJFPTwvZHM6RGlnZXN0VmFsdWU&#x2b;PC9kczpSZWZlcmVuY2U&#x2b;PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5KNlYrYVFMaTRTVGR3NXFmWEU3czRrVS9ycHRDaWYvM0liUnRWaWc4K2Y1SldMWDdiaVlqZExueWlhRHpObGRVYXJzeGQzRDd5eHkzUWNyZ2hCRlp3ZGVlbFR5b3krWmZFSzltd3NnTm9wMTFKTktneHRsNTRnNmhiSUlOaXVVOEhxOExUNUs2SXAzZE5ZN1E1WFV2U09rTVUwZUg5M3ZDMExVaWVYZDJBektqSUtaa3lZNmlDdi9BSis5SUNvQk9FMHBTZnl2RjNiZjRWRmhWQkwvSVBFMFg1eTBIZzFERmNZWXhqaVhrYXU2cmN2NjBDcEZ6ejdxaFJCOTJyWDEyMm0zRHlaR3ZVVHJEalVsRXd0Mk0yazhyNy8zWjlURWc2VE9wc3ovMmNEME1xTHBNOWJtenpkZWQ4MzZoUC83WlJiUG5UNGM0OHAvakRCMXNieTMyS1E9PTwvZHM6U2lnbmF0dXJlVmFsdWU&#x2b;PGRzOktleUluZm8&#x2b;PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU&#x2b;TUlJRHREQ0NBcHlnQXdJQkFnSUdBVmhLZEhkc01BMEdDU3FHU0liM0RRRUJDd1VBTUlHYU1Rc3dDUVlEVlFRR0V3SlZVekVUTUJFRwpBMVVFQ0F3S1EyRnNhV1p2Y201cFlURVdNQlFHQTFVRUJ3d05VMkZ1SUVaeVlXNWphWE5qYnpFTk1Bc0dBMVVFQ2d3RVQydDBZVEVVCk1CSUdBMVVFQ3d3TFUxTlBVSEp2ZG1sa1pYSXhHekFaQmdOVkJBTU1Fbk51YjNkbWJHRnJaV052YlhCMWRHbHVaekVjTUJvR0NTcUcKU0liM0RRRUpBUllOYVc1bWIwQnZhM1JoTG1OdmJUQWVGdzB4TmpFeE1Ea3hPRFUzTVRaYUZ3MHlOakV4TURreE9EVTRNVFphTUlHYQpNUXN3Q1FZRFZRUUdFd0pWVXpFVE1CRUdBMVVFQ0F3S1EyRnNhV1p2Y201cFlURVdNQlFHQTFVRUJ3d05VMkZ1SUVaeVlXNWphWE5qCmJ6RU5NQXNHQTFVRUNnd0VUMnQwWVRFVU1CSUdBMVVFQ3d3TFUxTlBVSEp2ZG1sa1pYSXhHekFaQmdOVkJBTU1Fbk51YjNkbWJHRnIKWldOdmJYQjFkR2x1WnpFY01Cb0dDU3FHU0liM0RRRUpBUllOYVc1bWIwQnZhM1JoTG1OdmJUQ0NBU0l3RFFZSktvWklodmNOQVFFQgpCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFMY1VadDZEMVh0ck1Mc08rakp4cS95R29LV1JBbXRTeU9kSVhITEVkMWppSFNuUkxOdEM5VldaClNHVTVZcTliSDlrR0x3NDZrVWZXcXlGb05rM2VQOVVQRlY2NUZ3emtrU24rNDhYMkl4WXBHUjcwSnJjYlBBS3l6VlR4M1U5NXkrZ0MKaUlkSjdsWUFNNWxCaUY5UTgxVjE5RzA2cHpsbzBSVlpPQ09sbHZCU2RrUnJiQXhlRGNTN2tSRElxUGh6SHdIM1hWOWpmLzRjZVhmUQpCUXZjKzIxWEZnTzRXTmtrWUxlemllYzQzNkd2aittRmRLVHhiTktpQmdxbnQ5VUZmM3hxdG01ajlyTDdHQ0VtNmVnL0dhdW84VFZNCng3c21GSVBkZVNrUmRFVytxU2tPbjlHdzhZZHNEY2UzRTRjVXlnY3o1WjZMakFRbGNVYVNaVTlqZlpNQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQVFFQVdURmowVXkwQ0xGbThYdzh3dlhjQlA3aU5vMjFIcS9rbStJL0UzbnVKMDlPcmlFamMwRGJyZ0ZvN3ZqSQpxSUU4YWEyM2J3eUlBbEZZQzZ3NlF6TFpIeG9EbnpLU1FRSEM5NXVEYW9XcXVvWTdYb3UvSjlvQjJtQy8vL0l5ME1OOHljWCs1YnRuClM2cWRWVnVXaE9HMEMrOXg4UGIydW1DNlFUcXBTZ3E0U01nV0VOellFUnZaRDgzTTFsZzY5aElZaVRqZ2tCMU1FQXZWbUs0N0M2UlgKQXZzMld1T0Vkc1V3M1g4T0FSLzh4TWlpamt3ZzByeU93TGxONzRHZGphTEVnWU5PM0tqdjNiOEh3UlJKMXdkekxZV0tBaXFXb1R3aQpXcGNZcytlbVlPcVZSNTJzR1NGYnQrbmEzVStFZXRtVStPa0J1TjhIcXJYVFY5ekFmZTE3SGc9PTwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE&#x2b;PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sMnA6U3RhdHVzIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48c2FtbDJwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbDJwOlN0YXR1cz48c2FtbDI6QXNzZXJ0aW9uIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iaWQzNjkyNzc3NDQwNTUxMTYwMTQ1MDQ4NjgyOSIgSXNzdWVJbnN0YW50PSIyMDE5LTA1LTI4VDIxOjM0OjE5LjMyNloiIFZlcnNpb249IjIuMCI&#x2b;PHNhbWwyOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHA6Ly93d3cub2t0YS5jb20vZXhrMWE1NWlrcHpXMVZQVnIxZDg8L3NhbWwyOklzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2Ii8&#x2b;PGRzOlJlZmVyZW5jZSBVUkk9IiNpZDM2OTI3Nzc0NDA1NTExNjAxNDUwNDg2ODI5Ij48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8&#x2b;PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48ZHM6RGlnZXN0VmFsdWU&#x2b;VUQ0SHNVNzRCbGFSNjcxTnJBaFVvNWJqYlpEemJwTnp0SVpza2lJMGRkTT08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU&#x2b;aVA0emZWQVJsdTVaM0gya3B4V0hYeVNpZzZabERKdXdvd0FobW95Wmg3VmxPK0txaGdvYXBrTGxxNW1FTTdhTXg3V3VodjBRM0luNjlaYjl6UGJqaWpsYWQzWW4vTTRDVGVveFZBV0dUN1VtMDhJdnBsc2NEK1RKSks1WG9BRWZVcGp3MVlzczgycEJhVlgwbVp1citla1Y1MEhvUUhsb1FUTUpDeHJ4aXB0aXBSSmhlblR5QVBQelVDQ3R5K1crenNKaWZTdnRLNWFEcmEvSnlRMFJyRWNlakdKRjlrbFlFUnVwNGE1QlpMSmlKQ1JLWXZzOCtYWlhjakVMV1RIWUpHMjUvZXRBVVgvQ3drU3h6WlYzckU4ZjVMbU9iTTJGTTg5bjE5aHJTc0tmUWFhdkU3WDBEeURJTU5GNHpoZndFcTVUZTJaWXdRMnczRHZHazBBekxRPT08L2RzOlNpZ25hdHVyZVZhbHVlPjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUR0RENDQXB5Z0F3SUJBZ0lHQVZoS2RIZHNNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1JR2FNUXN3Q1FZRFZRUUdFd0pWVXpFVE1CRUcKQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVXTUJRR0ExVUVCd3dOVTJGdUlFWnlZVzVqYVhOamJ6RU5NQXNHQTFVRUNnd0VUMnQwWVRFVQpNQklHQTFVRUN3d0xVMU5QVUhKdmRtbGtaWEl4R3pBWkJnTlZCQU1NRW5OdWIzZG1iR0ZyWldOdmJYQjFkR2x1WnpFY01Cb0dDU3FHClNJYjNEUUVKQVJZTmFXNW1iMEJ2YTNSaExtTnZiVEFlRncweE5qRXhNRGt4T0RVM01UWmFGdzB5TmpFeE1Ea3hPRFU0TVRaYU1JR2EKTVFzd0NRWURWUVFHRXdKVlV6RVRNQkVHQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVXTUJRR0ExVUVCd3dOVTJGdUlFWnlZVzVqYVhOagpiekVOTUFzR0ExVUVDZ3dFVDJ0MFlURVVNQklHQTFVRUN3d0xVMU5QVUhKdmRtbGtaWEl4R3pBWkJnTlZCQU1NRW5OdWIzZG1iR0ZyClpXTnZiWEIxZEdsdVp6RWNNQm9HQ1NxR1NJYjNEUUVKQVJZTmFXNW1iMEJ2YTNSaExtTnZiVENDQVNJd0RRWUpLb1pJaHZjTkFRRUIKQlFBRGdnRVBBRENDQVFvQ2dnRUJBTGNVWnQ2RDFYdHJNTHNPK2pKeHEveUdvS1dSQW10U3lPZElYSExFZDFqaUhTblJMTnRDOVZXWgpTR1U1WXE5Ykg5a0dMdzQ2a1VmV3F5Rm9OazNlUDlVUEZWNjVGd3pra1NuKzQ4WDJJeFlwR1I3MEpyY2JQQUt5elZUeDNVOTV5K2dDCmlJZEo3bFlBTTVsQmlGOVE4MVYxOUcwNnB6bG8wUlZaT0NPbGx2QlNka1JyYkF4ZURjUzdrUkRJcVBoekh3SDNYVjlqZi80Y2VYZlEKQlF2YysyMVhGZ080V05ra1lMZXppZWM0MzZHdmorbUZkS1R4Yk5LaUJncW50OVVGZjN4cXRtNWo5ckw3R0NFbTZlZy9HYXVvOFRWTQp4N3NtRklQZGVTa1JkRVcrcVNrT245R3c4WWRzRGNlM0U0Y1V5Z2N6NVo2TGpBUWxjVWFTWlU5amZaTUNBd0VBQVRBTkJna3Foa2lHCjl3MEJBUXNGQUFPQ0FRRUFXVEZqMFV5MENMRm04WHc4d3ZYY0JQN2lObzIxSHEva20rSS9FM251SjA5T3JpRWpjMERicmdGbzd2akkKcUlFOGFhMjNid3lJQWxGWUM2dzZRekxaSHhvRG56S1NRUUhDOTV1RGFvV3F1b1k3WG91L0o5b0IybUMvLy9JeTBNTjh5Y1grNWJ0bgpTNnFkVlZ1V2hPRzBDKzl4OFBiMnVtQzZRVHFwU2dxNFNNZ1dFTnpZRVJ2WkQ4M00xbGc2OWhJWWlUamdrQjFNRUF2Vm1LNDdDNlJYCkF2czJXdU9FZHNVdzNYOE9BUi84eE1paWprd2cwcnlPd0xsTjc0R2RqYUxFZ1lOTzNLanYzYjhId1JSSjF3ZHpMWVdLQWlxV29Ud2kKV3BjWXMrZW1ZT3FWUjUyc0dTRmJ0K25hM1UrRWV0bVUrT2tCdU44SHFyWFRWOXpBZmUxN0hnPT08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbDI6U3ViamVjdCB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI&#x2b;PHNhbWwyOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OnVuc3BlY2lmaWVkIj5xYUBzbm93Zmxha2Vjb21wdXRpbmcuY29tPC9zYW1sMjpOYW1lSUQ&#x2b;PHNhbWwyOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDI6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDE5LTA1LTI4VDIxOjM5OjE5LjMyNloiIFJlY2lwaWVudD0iaHR0cDovL3Rlc3RhY2NvdW50LnNub3dmbGFrZWNvbXB1dGluZy5jb206ODA4Mi9mZWQvbG9naW4iLz48L3NhbWwyOlN1YmplY3RDb25maXJtYXRpb24&#x2b;PC9zYW1sMjpTdWJqZWN0PjxzYW1sMjpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxOS0wNS0yOFQyMToyOToxOS4zMjZaIiBOb3RPbk9yQWZ0ZXI9IjIwMTktMDUtMjhUMjE6Mzk6MTkuMzI2WiIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjxzYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sMjpBdWRpZW5jZT5odHRwOi8vdGVzdGFjY291bnQuc25vd2ZsYWtlY29tcHV0aW5nLmNvbTo4MDgyL2ZlZC9sb2dpbjwvc2FtbDI6QXVkaWVuY2U&#x2b;PC9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDI6Q29uZGl0aW9ucz48c2FtbDI6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE5LTA1LTI4VDIxOjM0OjE5LjMyNloiIFNlc3Npb25JbmRleD0iaWQxNTU5MDc5MjU5MzI2LjQ0NjkwMzY4OCIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjxzYW1sMjpBdXRobkNvbnRleHQ&#x2b;PHNhbWwyOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0PC9zYW1sMjpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWwyOkF1dGhuQ29udGV4dD48L3NhbWwyOkF1dGhuU3RhdGVtZW50Pjwvc2FtbDI6QXNzZXJ0aW9uPjwvc2FtbDJwOlJlc3BvbnNlPg&#x3d;&#x3d;\"/>\n    <input name=\"RelayState\" type=\"hidden\" value=\"&#x2f;some&#x2f;deep&#x2f;link\"/>\n</form>\n\n<script src=\"https://ok3static.oktacdn.com/assets/js/app/sso/interstitial.474dce61acfac4a4d016921943cf2a68.js\" crossorigin=\"anonymous\" integrity=\"sha384-rIRjIHrr5XnyB1DG8t+uL1F3e5asM+gYMial0fj56hCWADEBdp3BiwtOAnNpU7Zc\" type=\"text/javascript\"></script></div>\n<!-- close #container -->\n</body>\n</html>\n");
 
+        const int MaxRetryCount = 1;
+        const int MaxRetryTimeout = 1;
+
         [Test]
         public void TestSsoTokenUrlMismatch()
         {
@@ -21,6 +23,8 @@ public void TestSsoTokenUrlMismatch()
                 {
                     TokenUrl = "https://snowflakecomputing.okta1.com/api/v1/sessions?additionalFields=cookieToken",
                     SSOUrl = "https://snowflakecomputing.okta.com/app/snowflake_testaccountdev_1/blah/sso/saml",
+                    MaxRetryCount = MaxRetryCount,
+                    MaxRetryTimeout = MaxRetryTimeout
                 };
                 var sfSession = new SFSession("account=test;user=test;password=test;authenticator=https://snowflake.okta.com", null, restRequester);
                 sfSession.Open();
@@ -34,10 +38,6 @@ public void TestSsoTokenUrlMismatch()
         [Test]
         public void TestMissingPostbackUrl()
         {
-            const int retryCount = 1;
-            const int retryTimeout = 1;
-            noPostbackContent.Headers.Add(OktaAuthenticator.RetryCountHeader, retryCount.ToString());
-            noPostbackContent.Headers.Add(OktaAuthenticator.TimeoutElapsedHeader, retryTimeout.ToString());
             try
             {
                 var restRequester = new Mock.MockOktaRestRequester()
@@ -45,17 +45,17 @@ public void TestMissingPostbackUrl()
                     TokenUrl = "https://snowflakecomputing.okta.com/api/v1/sessions?additionalFields=cookieToken",
                     SSOUrl = "https://snowflakecomputing.okta.com/app/snowflake_testaccountdev_1/blah/sso/saml",
                     ResponseContent = noPostbackContent,
+                    MaxRetryCount = MaxRetryCount,
+                    MaxRetryTimeout = MaxRetryTimeout
                 };
                 var sfSession = new SFSession("account=test;user=test;password=test;authenticator=https://snowflakecomputing.okta.com;" +
-                    $"host=test;MAXHTTPRETRIES={retryCount};RETRY_TIMEOUT={retryTimeout};", null, restRequester);
+                    $"host=test;MAXHTTPRETRIES={MaxRetryCount};RETRY_TIMEOUT={MaxRetryTimeout};", null, restRequester);
                 sfSession.Open();
                 Assert.Fail("Should not pass");
             } catch (SnowflakeDbException e)
             {
                 Assert.AreEqual(SFError.IDP_SAML_POSTBACK_NOTFOUND.GetAttribute<SFErrorAttr>().errorCode, ((SnowflakeDbException)e.InnerException).ErrorCode);
             }
-            noPostbackContent.Headers.Remove(OktaAuthenticator.RetryCountHeader);
-            noPostbackContent.Headers.Remove(OktaAuthenticator.TimeoutElapsedHeader);
         }
 
         [Test]
@@ -68,6 +68,8 @@ public void TestWrongPostbackUrl()
                     TokenUrl = "https://snowflakecomputing.okta.com/api/v1/sessions?additionalFields=cookieToken",
                     SSOUrl = "https://snowflakecomputing.okta.com/app/snowflake_testaccountdev_1/blah/sso/saml",
                     ResponseContent = wrongPostbackContent,
+                    MaxRetryCount = MaxRetryCount,
+                    MaxRetryTimeout = MaxRetryTimeout
                 };
                 var sfSession = new SFSession("account=test;user=test;password=test;authenticator=https://snowflakecomputing.okta.com;host=test", null, restRequester);
                 sfSession.Open();
diff --git a/Snowflake.Data/Core/Authenticator/OktaAuthenticator.cs b/Snowflake.Data/Core/Authenticator/OktaAuthenticator.cs
index 5df3975c4..be04ceab7 100644
--- a/Snowflake.Data/Core/Authenticator/OktaAuthenticator.cs
+++ b/Snowflake.Data/Core/Authenticator/OktaAuthenticator.cs
@@ -153,7 +153,6 @@ void IAuthenticator.Authenticate()
                     logger.Debug("step 5: verify postback url in SAML reponse");
                     VerifyPostbackUrl();
 
-
                     logger.Debug("step 6: send SAML reponse to snowflake to login");
                     base.Login();
                     break;

From 14bec0133de2b79f520090b1447235533d900bee Mon Sep 17 00:00:00 2001
From: sfc-gh-ext-simba-lf <lfarol@magnitude.com>
Date: Fri, 9 Feb 2024 15:06:51 -0800
Subject: [PATCH 5/7] SNOW-916949: Fix async test for NET Framework

---
 Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs | 8 +++++++-
 Snowflake.Data.Tests/UnitTests/SFOktaTest.cs            | 4 ++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs b/Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs
index 534d90a58..fe9419939 100644
--- a/Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs
+++ b/Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs
@@ -2132,7 +2132,13 @@ public void TestAsyncOktaConnectionUntilMaxTimeout()
                 {
                     Assert.IsInstanceOf<SnowflakeDbException>(e.InnerException);
                     Assert.AreEqual(SFError.INTERNAL_ERROR.GetAttribute<SFErrorAttr>().errorCode, ((SnowflakeDbException)e.InnerException).ErrorCode);
-                    Assert.IsTrue(e.InnerException.InnerException.Message.Contains(
+                    Exception oktaException;
+#if NETFRAMEWORK
+                    oktaException = e.InnerException.InnerException.InnerException;
+#else
+                    oktaException = e.InnerException.InnerException;
+#endif
+                    Assert.IsTrue(oktaException.Message.Contains(
                         $"The retry count has reached its limit of {expectedMaxRetryCount} and " +
                         $"the timeout elapsed has reached its limit of {expectedMaxConnectionTimeout} " +
                         "while trying to authenticate through Okta"));
diff --git a/Snowflake.Data.Tests/UnitTests/SFOktaTest.cs b/Snowflake.Data.Tests/UnitTests/SFOktaTest.cs
index db07f1c66..e801bd30d 100644
--- a/Snowflake.Data.Tests/UnitTests/SFOktaTest.cs
+++ b/Snowflake.Data.Tests/UnitTests/SFOktaTest.cs
@@ -11,8 +11,8 @@ class SFOktaTest
         StringContent wrongPostbackContent = new StringContent(" < !DOCTYPE html >< html lang =\"en\"><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/><meta name=\"robots\" content=\"noarchive\"/><meta name=\"googlebot\" content=\"noarchive\"/><meta name=\"robots\" content=\"noindex\" />\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge\" />\n<meta name=\"apple-mobile-web-app-capable\" content=\"yes\"><meta name=\"googlebot\" content=\"noindex\" />\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n<meta name=\"robots\" content=\"none\" />\n\n<link href=\"https://ok3static.oktacdn.com/assets/img/icons/favicons/favicon-16x16.c55b69ae49b08edc7c000d12b8e5483f.png\" rel=\"icon\" type=\"image/png\" sizes=\"16x16\"/><link href=\"https://ok3static.oktacdn.com/assets/img/icons/favicons/favicon-32x32.99bc356b6e293b927f9e3a2b69761c26.png\" rel=\"icon\" type=\"image/png\" sizes=\"32x32\"/><link href=\"https://ok3static.oktacdn.com/assets/img/icons/favicons/favicon-96x96.de98828614fa33ca04fcfaa07679f345.png\" rel=\"icon\" type=\"image/png\" sizes=\"96x96\"/><meta name=\"msapplication-TileColor\" content=\"#ffffff\">\n<meta name=\"msapplication-TileImage\" content=\"/img/icons/favicons/ms-icon-144x144.png\">\n<meta name=\"application-name\" content=\"Okta\"/>\n<meta name=\"theme-color\" content=\"#ffffff\">\n<meta name=\"msapplication-config\" content=\"/img/icons/favicons/browserconfig.xml\"/>\n\n<title>Snowflake - Signing in...</title>\n<!--[if IE]><link href=\"https://ok3static.oktacdn.com/assets/css/ie/ie.57ba8b295e567530b9a1b92e266a6eae.css\" type=\"text/css\" rel=\"stylesheet\"/><![endif]-->\n<!--[if gte IE 9]><link href=\"https://ok3static.oktacdn.com/assets/css/ie/ie9.0d563c6ff0555c4086c6606c3e6387e5.css\" type=\"text/css\" rel=\"stylesheet\"/><![endif]-->\n\n<script>if (typeof module === 'object') {window.module = module; module = undefined;}</script>\n\n<script>\n    var okta = {\n        migrateMute: true,\n        locale: 'en',\n        debug: false,\n        deployEnv: 'PROD',\n        userId: '00u141kzp5sTIufWw1d8',\n        settings: {\n            orgId: '00oy3jwwiqWBAGOLOWLT',\n            orgName: 'Snowflake',\n            serverStatus: 'ACTIVE',\n            persona: '',\n            isDeveloperConsole: '' === 'true',\n            isPreview: 'false' === 'true',\n            permissions: []\n        },\n        logHasFeatureError: function(message) {\n            var xhr = new XMLHttpRequest();\n            xhr.open('POST', '/api/internal/client-logging/has-feature-error', true);\n            xhr.setRequestHeader('Content-Type', 'application/json');\n            xhr.send(JSON.stringify({\n              message: message\n            }));\n        }\n\n    };\n</script>\n<script>var _features=[\"MONTHLY_FLAG_2019_01\",\"MONTHLY_FLAG_2018_12\",\"DEV_APPS\",\"MONTHLY_FLAG_2019_04\",\"MONTHLY_FLAG_2018_10\",\"MONTHLY_FLAG_2018_09\",\"MONTHLY_FLAG_2019_05\",\"APP_NOTES\",\"MONTHLY_FLAG_2019_02\",\"MONTHLY_FLAG_2018_11\",\"API_ACCESS_MANAGEMENT\",\"MONTHLY_FLAG_2019_03\"];</script><script>\n      window._features = window._features || [];\n      _features.push('DEV_CONSOLE');\n    </script>\n<script>window.okta || (window.okta = {}); okta.cdnUrlHostname = \"//ok3static.oktacdn.com\"; okta.cdnPerformCheck = false;</script><script>window.okta || (window.okta = {});window.okta.mixpanel = true;window.okta.mixpanelTrackingSamplingFactors = {\"_DEFAULT\":1.0};</script><script src=\"https://ok3static.oktacdn.com/assets/js/jquery-1.12.4.min.e93c5a2265fbe2a3e96fe19159fc9a84.js\" crossorigin=\"anonymous\" integrity=\"sha384-KA5uVfsh/aGN4nZ9iqQ+CAYy0emdYEnjgFsPzqxBi2AMeqLX5qoCiY4ICzIg61TX\" type=\"text/javascript\"></script><!--[if lt IE 9]><script src=\"https://ok3static.oktacdn.com/assets/enduser/js/vendor/css3-mediaqueries.fa295f0132f5335f352071ca3613a94a.js\" crossorigin=\"anonymous\" integrity=\"sha384-7pU2GSgyec3nzQMUNSuzanfJelP9UCOyHil0bOv+WnPKSS9lNA/tcxPyr7NV2w6c\" type=\"text/javascript\"></script><![endif]-->\n\n<script>if (window.module) module = window.module;</script>\n\n</head>\n<body id=\"app\" class=\"enduser-app  \">\n<noscript><div id=\"noscript-mask\"></div><div id=\"noscript-msg\" class=\"infobox infobox-warning infobox-compact\"><span class=\"icon warning-16\"></span><h3>Javascript is disabled on your browser.</h3><p>Please enable Javascript and refresh this page to use Okta.</p></div></noscript>\n\n<div id=\"container\">\n<link href=\"https://ok3static.oktacdn.com/assets/css/sections/interstitial.8c2f4a8544ec4c72abb54659e8a83b0e.css\" type=\"text/css\" rel=\"stylesheet\"/><script>\n    var interstitialMinWaitTime = 1200;\n    </script>\n<!--[if lte IE 9]>\n            <style type=\"text/css\">\n                #okta-auth-spin {\n                    top: 35%;\n                }\n            </style>\n        <![endif]-->\n\n        <!--[if lte IE 8]>\n            <style type=\"text/css\">\n                #okta-auth-band {\n                    height: 200px;\n                }\n            </style>\n        <![endif]-->\n\n        <div id=\"okta-interstitial-wrap\">\n                <div class=\"okta-auth-mask-new-interstitial\"></div>\n        <div class=\"new-interstitial\" id=\"new-interstitial\">\n        <div id=\"okta-auth-band\">\n            <img src=\"https://ok3static.oktacdn.com/assets/img/ui/indicators/new_interstitial_static.9481d4731547cec09b26be142dbeec61.png\" width=\"376\" height=\"160\" alt=\"Please wait\" class=\"new-img-static\"/><img src=\"https://ok3static.oktacdn.com/assets/img/ui/indicators/new_interstitial.c41c3b6f3a84458aca9a5919f238fbe3.gif\" width=\"376\" height=\"160\" alt=\"Please wait\" class=\"new-img\"/><img src=\"https://ok3static.oktacdn.com/assets/img/logos/okta_watermark.4a7f2ccf7d0a787cff6f59fb67f72843.png\" width=\"106\" height=\"36\" alt=\"Okta\" class=\"okta-logo\"/><div id=\"okta-auth-spin\"></div>\n                    <div id=\"okta-auth-spin-small\"></div>\n                <h1 id=\"okta-auth-heading\" class ='signing-in-text'>Signing in to TESTACCOUNT (regression)</h1>\n        </div>\n        </div> <!--new-interstitial -->\n        </div> <!--okta-interstitial-wrap -->\n\n        <script type=\"text/javascript\">\n            $(function(){\n                var isFFSVGFixEnabled = 'false';\n                if ($('#okta-auth-spin').hasClass('android-spinner')) {\n                    return;\n                }\n\n                // Remove gif animation for Safari\n                var isSafari = /AppleWebKit/.test(navigator.userAgent) && !/Chrome/.test(navigator.userAgent) && /Apple Computer/.test(navigator.vendor);\n                if (isFFSVGFixEnabled && isSafari) {\n                    $('.new-img').hide(0);\n                } else {\n                    $('.new-img').on('load', function(evt){\n                        //gif loaded correctly, fade out static asset and fade in gif\n                        //making sure we show the graphic before the form submit happens in 200ms\n                        $('.new-img-static').hide(0,function(){\n                            $('.new-img').show(0);\n                        });\n                    });\n                }\n\n                //For cached images with src the load event fires just before you add a listener for it. Hence setting the source again to make sure the event handlers fire in the right order.\n                var assetUrl = $('.new-img').attr('src');\n                $('.new-img').attr('src', assetUrl);\n\n                var standard = document.getElementById('okta-auth-spin');\n                var small = document.getElementById('okta-auth-spin-small');\n\n                var optsStandard = {\n                    lines: 9, // The number of lines to draw\n                    length: 0, // The length of each line\n                    width: 8, // The line thickness\n                    radius: 21, // The radius of the inner circle\n                    corners: 1, // Corner roundness (0..1)\n                    rotate: 0, // The rotation offset\n                    direction: 1, // 1: clockwise, -1: counterclockwise\n                    color: '#fff', // #rgb or #rrggbb\n                    speed: 1, // Rounds per second\n                    trail: 60, // Afterglow percentage\n                    shadow: false, // Whether to render a shadow\n                    hwaccel: false, // Whether to use hardware acceleration\n                    className: 'okta-auth-spinner', // The CSS class to assign to the spinner\n                    zIndex: 2e9, // The z-index (defaults to 2000000000)\n                    top: 'auto', // Top position relative to parent in px\n                    left: 'auto' // Left position relative to parent in px\n                };\n\n                var optsSmall = {\n                    lines: 9, // The number of lines to draw\n                    length: 0, // The length of each line\n                    width: 6, // The line thickness\n                    radius: 14, // The radius of the inner circle\n                    corners: 1, // Corner roundness (0..1)\n                    rotate: 0, // The rotation offset\n                    direction: 1, // 1: clockwise, -1: counterclockwise\n                    color: '#fff', // #rgb or #rrggbb\n                    speed: 1, // Rounds per second\n                    trail: 60, // Afterglow percentage\n                    shadow: false, // Whether to render a shadow\n                    hwaccel: false, // Whether to use hardware acceleration\n                    className: 'okta-auth-spinner', // The CSS class to assign to the spinner\n                    zIndex: 2e9, // The z-index (defaults to 2000000000)\n                    top: 'auto', // Top position relative to parent in px\n                    left: 'auto' // Left position relative to parent in px\n                };\n                if (typeof Spinner === 'function') {\n                    var spinnerStandard = new Spinner(optsStandard);\n                    var spinnerSmall = new Spinner(optsSmall);\n\n                    spinnerStandard.spin(standard);\n                    spinnerSmall.spin(small);\n                }\n\n            });\n        </script>\n    <form id=\"appForm\" action=\"http&#x3a;&#x2f;&#x2f;testaccount.dev.snowflakecomputing.com&#x3a;8082&#x2f;fed&#x2f;login\" method=\"POST\">\n    <input name=\"SAMLResponse\" type=\"hidden\" value=\"PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJwOlJlc3BvbnNlIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBEZXN0aW5hdGlvbj0iaHR0cDovL3Rlc3RhY2NvdW50LnNub3dmbGFrZWNvbXB1dGluZy5jb206ODA4Mi9mZWQvbG9naW4iIElEPSJpZDM2OTI3Nzc0NDA0Njg3NDIxODk5NjI5MTcwIiBJc3N1ZUluc3RhbnQ9IjIwMTktMDUtMjhUMjE6MzQ6MTkuMzI2WiIgVmVyc2lvbj0iMi4wIj48c2FtbDI6SXNzdWVyIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI&#x2b;aHR0cDovL3d3dy5va3RhLmNvbS9leGsxYTU1aWtwelcxVlBWcjFkODwvc2FtbDI6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8&#x2b;PGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiLz48ZHM6UmVmZXJlbmNlIFVSST0iI2lkMzY5Mjc3NzQ0MDQ2ODc0MjE4OTk2MjkxNzAiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM&#x2b;PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkczpEaWdlc3RWYWx1ZT5hUDYvbUhGMFFKTUdkWlJSNlVYZ2o0QW9HaW5WMnF3VHBRVytEVzVHcnJFPTwvZHM6RGlnZXN0VmFsdWU&#x2b;PC9kczpSZWZlcmVuY2U&#x2b;PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5KNlYrYVFMaTRTVGR3NXFmWEU3czRrVS9ycHRDaWYvM0liUnRWaWc4K2Y1SldMWDdiaVlqZExueWlhRHpObGRVYXJzeGQzRDd5eHkzUWNyZ2hCRlp3ZGVlbFR5b3krWmZFSzltd3NnTm9wMTFKTktneHRsNTRnNmhiSUlOaXVVOEhxOExUNUs2SXAzZE5ZN1E1WFV2U09rTVUwZUg5M3ZDMExVaWVYZDJBektqSUtaa3lZNmlDdi9BSis5SUNvQk9FMHBTZnl2RjNiZjRWRmhWQkwvSVBFMFg1eTBIZzFERmNZWXhqaVhrYXU2cmN2NjBDcEZ6ejdxaFJCOTJyWDEyMm0zRHlaR3ZVVHJEalVsRXd0Mk0yazhyNy8zWjlURWc2VE9wc3ovMmNEME1xTHBNOWJtenpkZWQ4MzZoUC83WlJiUG5UNGM0OHAvakRCMXNieTMyS1E9PTwvZHM6U2lnbmF0dXJlVmFsdWU&#x2b;PGRzOktleUluZm8&#x2b;PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU&#x2b;TUlJRHREQ0NBcHlnQXdJQkFnSUdBVmhLZEhkc01BMEdDU3FHU0liM0RRRUJDd1VBTUlHYU1Rc3dDUVlEVlFRR0V3SlZVekVUTUJFRwpBMVVFQ0F3S1EyRnNhV1p2Y201cFlURVdNQlFHQTFVRUJ3d05VMkZ1SUVaeVlXNWphWE5qYnpFTk1Bc0dBMVVFQ2d3RVQydDBZVEVVCk1CSUdBMVVFQ3d3TFUxTlBVSEp2ZG1sa1pYSXhHekFaQmdOVkJBTU1Fbk51YjNkbWJHRnJaV052YlhCMWRHbHVaekVjTUJvR0NTcUcKU0liM0RRRUpBUllOYVc1bWIwQnZhM1JoTG1OdmJUQWVGdzB4TmpFeE1Ea3hPRFUzTVRaYUZ3MHlOakV4TURreE9EVTRNVFphTUlHYQpNUXN3Q1FZRFZRUUdFd0pWVXpFVE1CRUdBMVVFQ0F3S1EyRnNhV1p2Y201cFlURVdNQlFHQTFVRUJ3d05VMkZ1SUVaeVlXNWphWE5qCmJ6RU5NQXNHQTFVRUNnd0VUMnQwWVRFVU1CSUdBMVVFQ3d3TFUxTlBVSEp2ZG1sa1pYSXhHekFaQmdOVkJBTU1Fbk51YjNkbWJHRnIKWldOdmJYQjFkR2x1WnpFY01Cb0dDU3FHU0liM0RRRUpBUllOYVc1bWIwQnZhM1JoTG1OdmJUQ0NBU0l3RFFZSktvWklodmNOQVFFQgpCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFMY1VadDZEMVh0ck1Mc08rakp4cS95R29LV1JBbXRTeU9kSVhITEVkMWppSFNuUkxOdEM5VldaClNHVTVZcTliSDlrR0x3NDZrVWZXcXlGb05rM2VQOVVQRlY2NUZ3emtrU24rNDhYMkl4WXBHUjcwSnJjYlBBS3l6VlR4M1U5NXkrZ0MKaUlkSjdsWUFNNWxCaUY5UTgxVjE5RzA2cHpsbzBSVlpPQ09sbHZCU2RrUnJiQXhlRGNTN2tSRElxUGh6SHdIM1hWOWpmLzRjZVhmUQpCUXZjKzIxWEZnTzRXTmtrWUxlemllYzQzNkd2aittRmRLVHhiTktpQmdxbnQ5VUZmM3hxdG01ajlyTDdHQ0VtNmVnL0dhdW84VFZNCng3c21GSVBkZVNrUmRFVytxU2tPbjlHdzhZZHNEY2UzRTRjVXlnY3o1WjZMakFRbGNVYVNaVTlqZlpNQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQVFFQVdURmowVXkwQ0xGbThYdzh3dlhjQlA3aU5vMjFIcS9rbStJL0UzbnVKMDlPcmlFamMwRGJyZ0ZvN3ZqSQpxSUU4YWEyM2J3eUlBbEZZQzZ3NlF6TFpIeG9EbnpLU1FRSEM5NXVEYW9XcXVvWTdYb3UvSjlvQjJtQy8vL0l5ME1OOHljWCs1YnRuClM2cWRWVnVXaE9HMEMrOXg4UGIydW1DNlFUcXBTZ3E0U01nV0VOellFUnZaRDgzTTFsZzY5aElZaVRqZ2tCMU1FQXZWbUs0N0M2UlgKQXZzMld1T0Vkc1V3M1g4T0FSLzh4TWlpamt3ZzByeU93TGxONzRHZGphTEVnWU5PM0tqdjNiOEh3UlJKMXdkekxZV0tBaXFXb1R3aQpXcGNZcytlbVlPcVZSNTJzR1NGYnQrbmEzVStFZXRtVStPa0J1TjhIcXJYVFY5ekFmZTE3SGc9PTwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE&#x2b;PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sMnA6U3RhdHVzIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48c2FtbDJwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbDJwOlN0YXR1cz48c2FtbDI6QXNzZXJ0aW9uIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iaWQzNjkyNzc3NDQwNTUxMTYwMTQ1MDQ4NjgyOSIgSXNzdWVJbnN0YW50PSIyMDE5LTA1LTI4VDIxOjM0OjE5LjMyNloiIFZlcnNpb249IjIuMCI&#x2b;PHNhbWwyOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHA6Ly93d3cub2t0YS5jb20vZXhrMWE1NWlrcHpXMVZQVnIxZDg8L3NhbWwyOklzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2Ii8&#x2b;PGRzOlJlZmVyZW5jZSBVUkk9IiNpZDM2OTI3Nzc0NDA1NTExNjAxNDUwNDg2ODI5Ij48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8&#x2b;PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48ZHM6RGlnZXN0VmFsdWU&#x2b;VUQ0SHNVNzRCbGFSNjcxTnJBaFVvNWJqYlpEemJwTnp0SVpza2lJMGRkTT08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU&#x2b;aVA0emZWQVJsdTVaM0gya3B4V0hYeVNpZzZabERKdXdvd0FobW95Wmg3VmxPK0txaGdvYXBrTGxxNW1FTTdhTXg3V3VodjBRM0luNjlaYjl6UGJqaWpsYWQzWW4vTTRDVGVveFZBV0dUN1VtMDhJdnBsc2NEK1RKSks1WG9BRWZVcGp3MVlzczgycEJhVlgwbVp1citla1Y1MEhvUUhsb1FUTUpDeHJ4aXB0aXBSSmhlblR5QVBQelVDQ3R5K1crenNKaWZTdnRLNWFEcmEvSnlRMFJyRWNlakdKRjlrbFlFUnVwNGE1QlpMSmlKQ1JLWXZzOCtYWlhjakVMV1RIWUpHMjUvZXRBVVgvQ3drU3h6WlYzckU4ZjVMbU9iTTJGTTg5bjE5aHJTc0tmUWFhdkU3WDBEeURJTU5GNHpoZndFcTVUZTJaWXdRMnczRHZHazBBekxRPT08L2RzOlNpZ25hdHVyZVZhbHVlPjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUR0RENDQXB5Z0F3SUJBZ0lHQVZoS2RIZHNNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1JR2FNUXN3Q1FZRFZRUUdFd0pWVXpFVE1CRUcKQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVXTUJRR0ExVUVCd3dOVTJGdUlFWnlZVzVqYVhOamJ6RU5NQXNHQTFVRUNnd0VUMnQwWVRFVQpNQklHQTFVRUN3d0xVMU5QVUhKdmRtbGtaWEl4R3pBWkJnTlZCQU1NRW5OdWIzZG1iR0ZyWldOdmJYQjFkR2x1WnpFY01Cb0dDU3FHClNJYjNEUUVKQVJZTmFXNW1iMEJ2YTNSaExtTnZiVEFlRncweE5qRXhNRGt4T0RVM01UWmFGdzB5TmpFeE1Ea3hPRFU0TVRaYU1JR2EKTVFzd0NRWURWUVFHRXdKVlV6RVRNQkVHQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVXTUJRR0ExVUVCd3dOVTJGdUlFWnlZVzVqYVhOagpiekVOTUFzR0ExVUVDZ3dFVDJ0MFlURVVNQklHQTFVRUN3d0xVMU5QVUhKdmRtbGtaWEl4R3pBWkJnTlZCQU1NRW5OdWIzZG1iR0ZyClpXTnZiWEIxZEdsdVp6RWNNQm9HQ1NxR1NJYjNEUUVKQVJZTmFXNW1iMEJ2YTNSaExtTnZiVENDQVNJd0RRWUpLb1pJaHZjTkFRRUIKQlFBRGdnRVBBRENDQVFvQ2dnRUJBTGNVWnQ2RDFYdHJNTHNPK2pKeHEveUdvS1dSQW10U3lPZElYSExFZDFqaUhTblJMTnRDOVZXWgpTR1U1WXE5Ykg5a0dMdzQ2a1VmV3F5Rm9OazNlUDlVUEZWNjVGd3pra1NuKzQ4WDJJeFlwR1I3MEpyY2JQQUt5elZUeDNVOTV5K2dDCmlJZEo3bFlBTTVsQmlGOVE4MVYxOUcwNnB6bG8wUlZaT0NPbGx2QlNka1JyYkF4ZURjUzdrUkRJcVBoekh3SDNYVjlqZi80Y2VYZlEKQlF2YysyMVhGZ080V05ra1lMZXppZWM0MzZHdmorbUZkS1R4Yk5LaUJncW50OVVGZjN4cXRtNWo5ckw3R0NFbTZlZy9HYXVvOFRWTQp4N3NtRklQZGVTa1JkRVcrcVNrT245R3c4WWRzRGNlM0U0Y1V5Z2N6NVo2TGpBUWxjVWFTWlU5amZaTUNBd0VBQVRBTkJna3Foa2lHCjl3MEJBUXNGQUFPQ0FRRUFXVEZqMFV5MENMRm04WHc4d3ZYY0JQN2lObzIxSHEva20rSS9FM251SjA5T3JpRWpjMERicmdGbzd2akkKcUlFOGFhMjNid3lJQWxGWUM2dzZRekxaSHhvRG56S1NRUUhDOTV1RGFvV3F1b1k3WG91L0o5b0IybUMvLy9JeTBNTjh5Y1grNWJ0bgpTNnFkVlZ1V2hPRzBDKzl4OFBiMnVtQzZRVHFwU2dxNFNNZ1dFTnpZRVJ2WkQ4M00xbGc2OWhJWWlUamdrQjFNRUF2Vm1LNDdDNlJYCkF2czJXdU9FZHNVdzNYOE9BUi84eE1paWprd2cwcnlPd0xsTjc0R2RqYUxFZ1lOTzNLanYzYjhId1JSSjF3ZHpMWVdLQWlxV29Ud2kKV3BjWXMrZW1ZT3FWUjUyc0dTRmJ0K25hM1UrRWV0bVUrT2tCdU44SHFyWFRWOXpBZmUxN0hnPT08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbDI6U3ViamVjdCB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI&#x2b;PHNhbWwyOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OnVuc3BlY2lmaWVkIj5xYUBzbm93Zmxha2Vjb21wdXRpbmcuY29tPC9zYW1sMjpOYW1lSUQ&#x2b;PHNhbWwyOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDI6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDE5LTA1LTI4VDIxOjM5OjE5LjMyNloiIFJlY2lwaWVudD0iaHR0cDovL3Rlc3RhY2NvdW50LnNub3dmbGFrZWNvbXB1dGluZy5jb206ODA4Mi9mZWQvbG9naW4iLz48L3NhbWwyOlN1YmplY3RDb25maXJtYXRpb24&#x2b;PC9zYW1sMjpTdWJqZWN0PjxzYW1sMjpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxOS0wNS0yOFQyMToyOToxOS4zMjZaIiBOb3RPbk9yQWZ0ZXI9IjIwMTktMDUtMjhUMjE6Mzk6MTkuMzI2WiIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjxzYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sMjpBdWRpZW5jZT5odHRwOi8vdGVzdGFjY291bnQuc25vd2ZsYWtlY29tcHV0aW5nLmNvbTo4MDgyL2ZlZC9sb2dpbjwvc2FtbDI6QXVkaWVuY2U&#x2b;PC9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDI6Q29uZGl0aW9ucz48c2FtbDI6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE5LTA1LTI4VDIxOjM0OjE5LjMyNloiIFNlc3Npb25JbmRleD0iaWQxNTU5MDc5MjU5MzI2LjQ0NjkwMzY4OCIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjxzYW1sMjpBdXRobkNvbnRleHQ&#x2b;PHNhbWwyOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0PC9zYW1sMjpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWwyOkF1dGhuQ29udGV4dD48L3NhbWwyOkF1dGhuU3RhdGVtZW50Pjwvc2FtbDI6QXNzZXJ0aW9uPjwvc2FtbDJwOlJlc3BvbnNlPg&#x3d;&#x3d;\"/>\n    <input name=\"RelayState\" type=\"hidden\" value=\"&#x2f;some&#x2f;deep&#x2f;link\"/>\n</form>\n\n<script src=\"https://ok3static.oktacdn.com/assets/js/app/sso/interstitial.474dce61acfac4a4d016921943cf2a68.js\" crossorigin=\"anonymous\" integrity=\"sha384-rIRjIHrr5XnyB1DG8t+uL1F3e5asM+gYMial0fj56hCWADEBdp3BiwtOAnNpU7Zc\" type=\"text/javascript\"></script></div>\n<!-- close #container -->\n</body>\n</html>\n");
         StringContent noPostbackContent = new StringContent(" < !DOCTYPE html >< html lang =\"en\"><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/><meta name=\"robots\" content=\"noarchive\"/><meta name=\"googlebot\" content=\"noarchive\"/><meta name=\"robots\" content=\"noindex\" />\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge\" />\n<meta name=\"apple-mobile-web-app-capable\" content=\"yes\"><meta name=\"googlebot\" content=\"noindex\" />\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n<meta name=\"robots\" content=\"none\" />\n\n<link href=\"https://ok3static.oktacdn.com/assets/img/icons/favicons/favicon-16x16.c55b69ae49b08edc7c000d12b8e5483f.png\" rel=\"icon\" type=\"image/png\" sizes=\"16x16\"/><link href=\"https://ok3static.oktacdn.com/assets/img/icons/favicons/favicon-32x32.99bc356b6e293b927f9e3a2b69761c26.png\" rel=\"icon\" type=\"image/png\" sizes=\"32x32\"/><link href=\"https://ok3static.oktacdn.com/assets/img/icons/favicons/favicon-96x96.de98828614fa33ca04fcfaa07679f345.png\" rel=\"icon\" type=\"image/png\" sizes=\"96x96\"/><meta name=\"msapplication-TileColor\" content=\"#ffffff\">\n<meta name=\"msapplication-TileImage\" content=\"/img/icons/favicons/ms-icon-144x144.png\">\n<meta name=\"application-name\" content=\"Okta\"/>\n<meta name=\"theme-color\" content=\"#ffffff\">\n<meta name=\"msapplication-config\" content=\"/img/icons/favicons/browserconfig.xml\"/>\n\n<title>Snowflake - Signing in...</title>\n<!--[if IE]><link href=\"https://ok3static.oktacdn.com/assets/css/ie/ie.57ba8b295e567530b9a1b92e266a6eae.css\" type=\"text/css\" rel=\"stylesheet\"/><![endif]-->\n<!--[if gte IE 9]><link href=\"https://ok3static.oktacdn.com/assets/css/ie/ie9.0d563c6ff0555c4086c6606c3e6387e5.css\" type=\"text/css\" rel=\"stylesheet\"/><![endif]-->\n\n<script>if (typeof module === 'object') {window.module = module; module = undefined;}</script>\n\n<script>\n    var okta = {\n        migrateMute: true,\n        locale: 'en',\n        debug: false,\n        deployEnv: 'PROD',\n        userId: '00u141kzp5sTIufWw1d8',\n        settings: {\n            orgId: '00oy3jwwiqWBAGOLOWLT',\n            orgName: 'Snowflake',\n            serverStatus: 'ACTIVE',\n            persona: '',\n            isDeveloperConsole: '' === 'true',\n            isPreview: 'false' === 'true',\n            permissions: []\n        },\n        logHasFeatureError: function(message) {\n            var xhr = new XMLHttpRequest();\n            xhr.open('POST', '/api/internal/client-logging/has-feature-error', true);\n            xhr.setRequestHeader('Content-Type', 'application/json');\n            xhr.send(JSON.stringify({\n              message: message\n            }));\n        }\n\n    };\n</script>\n<script>var _features=[\"MONTHLY_FLAG_2019_01\",\"MONTHLY_FLAG_2018_12\",\"DEV_APPS\",\"MONTHLY_FLAG_2019_04\",\"MONTHLY_FLAG_2018_10\",\"MONTHLY_FLAG_2018_09\",\"MONTHLY_FLAG_2019_05\",\"APP_NOTES\",\"MONTHLY_FLAG_2019_02\",\"MONTHLY_FLAG_2018_11\",\"API_ACCESS_MANAGEMENT\",\"MONTHLY_FLAG_2019_03\"];</script><script>\n      window._features = window._features || [];\n      _features.push('DEV_CONSOLE');\n    </script>\n<script>window.okta || (window.okta = {}); okta.cdnUrlHostname = \"//ok3static.oktacdn.com\"; okta.cdnPerformCheck = false;</script><script>window.okta || (window.okta = {});window.okta.mixpanel = true;window.okta.mixpanelTrackingSamplingFactors = {\"_DEFAULT\":1.0};</script><script src=\"https://ok3static.oktacdn.com/assets/js/jquery-1.12.4.min.e93c5a2265fbe2a3e96fe19159fc9a84.js\" crossorigin=\"anonymous\" integrity=\"sha384-KA5uVfsh/aGN4nZ9iqQ+CAYy0emdYEnjgFsPzqxBi2AMeqLX5qoCiY4ICzIg61TX\" type=\"text/javascript\"></script><!--[if lt IE 9]><script src=\"https://ok3static.oktacdn.com/assets/enduser/js/vendor/css3-mediaqueries.fa295f0132f5335f352071ca3613a94a.js\" crossorigin=\"anonymous\" integrity=\"sha384-7pU2GSgyec3nzQMUNSuzanfJelP9UCOyHil0bOv+WnPKSS9lNA/tcxPyr7NV2w6c\" type=\"text/javascript\"></script><![endif]-->\n\n<script>if (window.module) module = window.module;</script>\n\n</head>\n<body id=\"app\" class=\"enduser-app  \">\n<noscript><div id=\"noscript-mask\"></div><div id=\"noscript-msg\" class=\"infobox infobox-warning infobox-compact\"><span class=\"icon warning-16\"></span><h3>Javascript is disabled on your browser.</h3><p>Please enable Javascript and refresh this page to use Okta.</p></div></noscript>\n\n<div id=\"container\">\n<link href=\"https://ok3static.oktacdn.com/assets/css/sections/interstitial.8c2f4a8544ec4c72abb54659e8a83b0e.css\" type=\"text/css\" rel=\"stylesheet\"/><script>\n    var interstitialMinWaitTime = 1200;\n    </script>\n<!--[if lte IE 9]>\n            <style type=\"text/css\">\n                #okta-auth-spin {\n                    top: 35%;\n                }\n            </style>\n        <![endif]-->\n\n        <!--[if lte IE 8]>\n            <style type=\"text/css\">\n                #okta-auth-band {\n                    height: 200px;\n                }\n            </style>\n        <![endif]-->\n\n        <div id=\"okta-interstitial-wrap\">\n                <div class=\"okta-auth-mask-new-interstitial\"></div>\n        <div class=\"new-interstitial\" id=\"new-interstitial\">\n        <div id=\"okta-auth-band\">\n            <img src=\"https://ok3static.oktacdn.com/assets/img/ui/indicators/new_interstitial_static.9481d4731547cec09b26be142dbeec61.png\" width=\"376\" height=\"160\" alt=\"Please wait\" class=\"new-img-static\"/><img src=\"https://ok3static.oktacdn.com/assets/img/ui/indicators/new_interstitial.c41c3b6f3a84458aca9a5919f238fbe3.gif\" width=\"376\" height=\"160\" alt=\"Please wait\" class=\"new-img\"/><img src=\"https://ok3static.oktacdn.com/assets/img/logos/okta_watermark.4a7f2ccf7d0a787cff6f59fb67f72843.png\" width=\"106\" height=\"36\" alt=\"Okta\" class=\"okta-logo\"/><div id=\"okta-auth-spin\"></div>\n                    <div id=\"okta-auth-spin-small\"></div>\n                <h1 id=\"okta-auth-heading\" class ='signing-in-text'>Signing in to TESTACCOUNT (regression)</h1>\n        </div>\n        </div> <!--new-interstitial -->\n        </div> <!--okta-interstitial-wrap -->\n\n        <script type=\"text/javascript\">\n            $(function(){\n                var isFFSVGFixEnabled = 'false';\n                if ($('#okta-auth-spin').hasClass('android-spinner')) {\n                    return;\n                }\n\n                // Remove gif animation for Safari\n                var isSafari = /AppleWebKit/.test(navigator.userAgent) && !/Chrome/.test(navigator.userAgent) && /Apple Computer/.test(navigator.vendor);\n                if (isFFSVGFixEnabled && isSafari) {\n                    $('.new-img').hide(0);\n                } else {\n                    $('.new-img').on('load', function(evt){\n                        //gif loaded correctly, fade out static asset and fade in gif\n                        //making sure we show the graphic before the form submit happens in 200ms\n                        $('.new-img-static').hide(0,function(){\n                            $('.new-img').show(0);\n                        });\n                    });\n                }\n\n                //For cached images with src the load event fires just before you add a listener for it. Hence setting the source again to make sure the event handlers fire in the right order.\n                var assetUrl = $('.new-img').attr('src');\n                $('.new-img').attr('src', assetUrl);\n\n                var standard = document.getElementById('okta-auth-spin');\n                var small = document.getElementById('okta-auth-spin-small');\n\n                var optsStandard = {\n                    lines: 9, // The number of lines to draw\n                    length: 0, // The length of each line\n                    width: 8, // The line thickness\n                    radius: 21, // The radius of the inner circle\n                    corners: 1, // Corner roundness (0..1)\n                    rotate: 0, // The rotation offset\n                    direction: 1, // 1: clockwise, -1: counterclockwise\n                    color: '#fff', // #rgb or #rrggbb\n                    speed: 1, // Rounds per second\n                    trail: 60, // Afterglow percentage\n                    shadow: false, // Whether to render a shadow\n                    hwaccel: false, // Whether to use hardware acceleration\n                    className: 'okta-auth-spinner', // The CSS class to assign to the spinner\n                    zIndex: 2e9, // The z-index (defaults to 2000000000)\n                    top: 'auto', // Top position relative to parent in px\n                    left: 'auto' // Left position relative to parent in px\n                };\n\n                var optsSmall = {\n                    lines: 9, // The number of lines to draw\n                    length: 0, // The length of each line\n                    width: 6, // The line thickness\n                    radius: 14, // The radius of the inner circle\n                    corners: 1, // Corner roundness (0..1)\n                    rotate: 0, // The rotation offset\n                    direction: 1, // 1: clockwise, -1: counterclockwise\n                    color: '#fff', // #rgb or #rrggbb\n                    speed: 1, // Rounds per second\n                    trail: 60, // Afterglow percentage\n                    shadow: false, // Whether to render a shadow\n                    hwaccel: false, // Whether to use hardware acceleration\n                    className: 'okta-auth-spinner', // The CSS class to assign to the spinner\n                    zIndex: 2e9, // The z-index (defaults to 2000000000)\n                    top: 'auto', // Top position relative to parent in px\n                    left: 'auto' // Left position relative to parent in px\n                };\n                if (typeof Spinner === 'function') {\n                    var spinnerStandard = new Spinner(optsStandard);\n                    var spinnerSmall = new Spinner(optsSmall);\n\n                    spinnerStandard.spin(standard);\n                    spinnerSmall.spin(small);\n                }\n\n            });\n        </script>\n    <form id=\"appForm\" method=\"POST\">\n    <input name=\"SAMLResponse\" type=\"hidden\" value=\"PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJwOlJlc3BvbnNlIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBEZXN0aW5hdGlvbj0iaHR0cDovL3Rlc3RhY2NvdW50LnNub3dmbGFrZWNvbXB1dGluZy5jb206ODA4Mi9mZWQvbG9naW4iIElEPSJpZDM2OTI3Nzc0NDA0Njg3NDIxODk5NjI5MTcwIiBJc3N1ZUluc3RhbnQ9IjIwMTktMDUtMjhUMjE6MzQ6MTkuMzI2WiIgVmVyc2lvbj0iMi4wIj48c2FtbDI6SXNzdWVyIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI&#x2b;aHR0cDovL3d3dy5va3RhLmNvbS9leGsxYTU1aWtwelcxVlBWcjFkODwvc2FtbDI6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8&#x2b;PGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiLz48ZHM6UmVmZXJlbmNlIFVSST0iI2lkMzY5Mjc3NzQ0MDQ2ODc0MjE4OTk2MjkxNzAiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM&#x2b;PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkczpEaWdlc3RWYWx1ZT5hUDYvbUhGMFFKTUdkWlJSNlVYZ2o0QW9HaW5WMnF3VHBRVytEVzVHcnJFPTwvZHM6RGlnZXN0VmFsdWU&#x2b;PC9kczpSZWZlcmVuY2U&#x2b;PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5KNlYrYVFMaTRTVGR3NXFmWEU3czRrVS9ycHRDaWYvM0liUnRWaWc4K2Y1SldMWDdiaVlqZExueWlhRHpObGRVYXJzeGQzRDd5eHkzUWNyZ2hCRlp3ZGVlbFR5b3krWmZFSzltd3NnTm9wMTFKTktneHRsNTRnNmhiSUlOaXVVOEhxOExUNUs2SXAzZE5ZN1E1WFV2U09rTVUwZUg5M3ZDMExVaWVYZDJBektqSUtaa3lZNmlDdi9BSis5SUNvQk9FMHBTZnl2RjNiZjRWRmhWQkwvSVBFMFg1eTBIZzFERmNZWXhqaVhrYXU2cmN2NjBDcEZ6ejdxaFJCOTJyWDEyMm0zRHlaR3ZVVHJEalVsRXd0Mk0yazhyNy8zWjlURWc2VE9wc3ovMmNEME1xTHBNOWJtenpkZWQ4MzZoUC83WlJiUG5UNGM0OHAvakRCMXNieTMyS1E9PTwvZHM6U2lnbmF0dXJlVmFsdWU&#x2b;PGRzOktleUluZm8&#x2b;PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU&#x2b;TUlJRHREQ0NBcHlnQXdJQkFnSUdBVmhLZEhkc01BMEdDU3FHU0liM0RRRUJDd1VBTUlHYU1Rc3dDUVlEVlFRR0V3SlZVekVUTUJFRwpBMVVFQ0F3S1EyRnNhV1p2Y201cFlURVdNQlFHQTFVRUJ3d05VMkZ1SUVaeVlXNWphWE5qYnpFTk1Bc0dBMVVFQ2d3RVQydDBZVEVVCk1CSUdBMVVFQ3d3TFUxTlBVSEp2ZG1sa1pYSXhHekFaQmdOVkJBTU1Fbk51YjNkbWJHRnJaV052YlhCMWRHbHVaekVjTUJvR0NTcUcKU0liM0RRRUpBUllOYVc1bWIwQnZhM1JoTG1OdmJUQWVGdzB4TmpFeE1Ea3hPRFUzTVRaYUZ3MHlOakV4TURreE9EVTRNVFphTUlHYQpNUXN3Q1FZRFZRUUdFd0pWVXpFVE1CRUdBMVVFQ0F3S1EyRnNhV1p2Y201cFlURVdNQlFHQTFVRUJ3d05VMkZ1SUVaeVlXNWphWE5qCmJ6RU5NQXNHQTFVRUNnd0VUMnQwWVRFVU1CSUdBMVVFQ3d3TFUxTlBVSEp2ZG1sa1pYSXhHekFaQmdOVkJBTU1Fbk51YjNkbWJHRnIKWldOdmJYQjFkR2x1WnpFY01Cb0dDU3FHU0liM0RRRUpBUllOYVc1bWIwQnZhM1JoTG1OdmJUQ0NBU0l3RFFZSktvWklodmNOQVFFQgpCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFMY1VadDZEMVh0ck1Mc08rakp4cS95R29LV1JBbXRTeU9kSVhITEVkMWppSFNuUkxOdEM5VldaClNHVTVZcTliSDlrR0x3NDZrVWZXcXlGb05rM2VQOVVQRlY2NUZ3emtrU24rNDhYMkl4WXBHUjcwSnJjYlBBS3l6VlR4M1U5NXkrZ0MKaUlkSjdsWUFNNWxCaUY5UTgxVjE5RzA2cHpsbzBSVlpPQ09sbHZCU2RrUnJiQXhlRGNTN2tSRElxUGh6SHdIM1hWOWpmLzRjZVhmUQpCUXZjKzIxWEZnTzRXTmtrWUxlemllYzQzNkd2aittRmRLVHhiTktpQmdxbnQ5VUZmM3hxdG01ajlyTDdHQ0VtNmVnL0dhdW84VFZNCng3c21GSVBkZVNrUmRFVytxU2tPbjlHdzhZZHNEY2UzRTRjVXlnY3o1WjZMakFRbGNVYVNaVTlqZlpNQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQVFFQVdURmowVXkwQ0xGbThYdzh3dlhjQlA3aU5vMjFIcS9rbStJL0UzbnVKMDlPcmlFamMwRGJyZ0ZvN3ZqSQpxSUU4YWEyM2J3eUlBbEZZQzZ3NlF6TFpIeG9EbnpLU1FRSEM5NXVEYW9XcXVvWTdYb3UvSjlvQjJtQy8vL0l5ME1OOHljWCs1YnRuClM2cWRWVnVXaE9HMEMrOXg4UGIydW1DNlFUcXBTZ3E0U01nV0VOellFUnZaRDgzTTFsZzY5aElZaVRqZ2tCMU1FQXZWbUs0N0M2UlgKQXZzMld1T0Vkc1V3M1g4T0FSLzh4TWlpamt3ZzByeU93TGxONzRHZGphTEVnWU5PM0tqdjNiOEh3UlJKMXdkekxZV0tBaXFXb1R3aQpXcGNZcytlbVlPcVZSNTJzR1NGYnQrbmEzVStFZXRtVStPa0J1TjhIcXJYVFY5ekFmZTE3SGc9PTwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE&#x2b;PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sMnA6U3RhdHVzIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48c2FtbDJwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbDJwOlN0YXR1cz48c2FtbDI6QXNzZXJ0aW9uIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iaWQzNjkyNzc3NDQwNTUxMTYwMTQ1MDQ4NjgyOSIgSXNzdWVJbnN0YW50PSIyMDE5LTA1LTI4VDIxOjM0OjE5LjMyNloiIFZlcnNpb249IjIuMCI&#x2b;PHNhbWwyOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHA6Ly93d3cub2t0YS5jb20vZXhrMWE1NWlrcHpXMVZQVnIxZDg8L3NhbWwyOklzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2Ii8&#x2b;PGRzOlJlZmVyZW5jZSBVUkk9IiNpZDM2OTI3Nzc0NDA1NTExNjAxNDUwNDg2ODI5Ij48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8&#x2b;PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48ZHM6RGlnZXN0VmFsdWU&#x2b;VUQ0SHNVNzRCbGFSNjcxTnJBaFVvNWJqYlpEemJwTnp0SVpza2lJMGRkTT08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU&#x2b;aVA0emZWQVJsdTVaM0gya3B4V0hYeVNpZzZabERKdXdvd0FobW95Wmg3VmxPK0txaGdvYXBrTGxxNW1FTTdhTXg3V3VodjBRM0luNjlaYjl6UGJqaWpsYWQzWW4vTTRDVGVveFZBV0dUN1VtMDhJdnBsc2NEK1RKSks1WG9BRWZVcGp3MVlzczgycEJhVlgwbVp1citla1Y1MEhvUUhsb1FUTUpDeHJ4aXB0aXBSSmhlblR5QVBQelVDQ3R5K1crenNKaWZTdnRLNWFEcmEvSnlRMFJyRWNlakdKRjlrbFlFUnVwNGE1QlpMSmlKQ1JLWXZzOCtYWlhjakVMV1RIWUpHMjUvZXRBVVgvQ3drU3h6WlYzckU4ZjVMbU9iTTJGTTg5bjE5aHJTc0tmUWFhdkU3WDBEeURJTU5GNHpoZndFcTVUZTJaWXdRMnczRHZHazBBekxRPT08L2RzOlNpZ25hdHVyZVZhbHVlPjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUR0RENDQXB5Z0F3SUJBZ0lHQVZoS2RIZHNNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1JR2FNUXN3Q1FZRFZRUUdFd0pWVXpFVE1CRUcKQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVXTUJRR0ExVUVCd3dOVTJGdUlFWnlZVzVqYVhOamJ6RU5NQXNHQTFVRUNnd0VUMnQwWVRFVQpNQklHQTFVRUN3d0xVMU5QVUhKdmRtbGtaWEl4R3pBWkJnTlZCQU1NRW5OdWIzZG1iR0ZyWldOdmJYQjFkR2x1WnpFY01Cb0dDU3FHClNJYjNEUUVKQVJZTmFXNW1iMEJ2YTNSaExtTnZiVEFlRncweE5qRXhNRGt4T0RVM01UWmFGdzB5TmpFeE1Ea3hPRFU0TVRaYU1JR2EKTVFzd0NRWURWUVFHRXdKVlV6RVRNQkVHQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVXTUJRR0ExVUVCd3dOVTJGdUlFWnlZVzVqYVhOagpiekVOTUFzR0ExVUVDZ3dFVDJ0MFlURVVNQklHQTFVRUN3d0xVMU5QVUhKdmRtbGtaWEl4R3pBWkJnTlZCQU1NRW5OdWIzZG1iR0ZyClpXTnZiWEIxZEdsdVp6RWNNQm9HQ1NxR1NJYjNEUUVKQVJZTmFXNW1iMEJ2YTNSaExtTnZiVENDQVNJd0RRWUpLb1pJaHZjTkFRRUIKQlFBRGdnRVBBRENDQVFvQ2dnRUJBTGNVWnQ2RDFYdHJNTHNPK2pKeHEveUdvS1dSQW10U3lPZElYSExFZDFqaUhTblJMTnRDOVZXWgpTR1U1WXE5Ykg5a0dMdzQ2a1VmV3F5Rm9OazNlUDlVUEZWNjVGd3pra1NuKzQ4WDJJeFlwR1I3MEpyY2JQQUt5elZUeDNVOTV5K2dDCmlJZEo3bFlBTTVsQmlGOVE4MVYxOUcwNnB6bG8wUlZaT0NPbGx2QlNka1JyYkF4ZURjUzdrUkRJcVBoekh3SDNYVjlqZi80Y2VYZlEKQlF2YysyMVhGZ080V05ra1lMZXppZWM0MzZHdmorbUZkS1R4Yk5LaUJncW50OVVGZjN4cXRtNWo5ckw3R0NFbTZlZy9HYXVvOFRWTQp4N3NtRklQZGVTa1JkRVcrcVNrT245R3c4WWRzRGNlM0U0Y1V5Z2N6NVo2TGpBUWxjVWFTWlU5amZaTUNBd0VBQVRBTkJna3Foa2lHCjl3MEJBUXNGQUFPQ0FRRUFXVEZqMFV5MENMRm04WHc4d3ZYY0JQN2lObzIxSHEva20rSS9FM251SjA5T3JpRWpjMERicmdGbzd2akkKcUlFOGFhMjNid3lJQWxGWUM2dzZRekxaSHhvRG56S1NRUUhDOTV1RGFvV3F1b1k3WG91L0o5b0IybUMvLy9JeTBNTjh5Y1grNWJ0bgpTNnFkVlZ1V2hPRzBDKzl4OFBiMnVtQzZRVHFwU2dxNFNNZ1dFTnpZRVJ2WkQ4M00xbGc2OWhJWWlUamdrQjFNRUF2Vm1LNDdDNlJYCkF2czJXdU9FZHNVdzNYOE9BUi84eE1paWprd2cwcnlPd0xsTjc0R2RqYUxFZ1lOTzNLanYzYjhId1JSSjF3ZHpMWVdLQWlxV29Ud2kKV3BjWXMrZW1ZT3FWUjUyc0dTRmJ0K25hM1UrRWV0bVUrT2tCdU44SHFyWFRWOXpBZmUxN0hnPT08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbDI6U3ViamVjdCB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI&#x2b;PHNhbWwyOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OnVuc3BlY2lmaWVkIj5xYUBzbm93Zmxha2Vjb21wdXRpbmcuY29tPC9zYW1sMjpOYW1lSUQ&#x2b;PHNhbWwyOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDI6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDE5LTA1LTI4VDIxOjM5OjE5LjMyNloiIFJlY2lwaWVudD0iaHR0cDovL3Rlc3RhY2NvdW50LnNub3dmbGFrZWNvbXB1dGluZy5jb206ODA4Mi9mZWQvbG9naW4iLz48L3NhbWwyOlN1YmplY3RDb25maXJtYXRpb24&#x2b;PC9zYW1sMjpTdWJqZWN0PjxzYW1sMjpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxOS0wNS0yOFQyMToyOToxOS4zMjZaIiBOb3RPbk9yQWZ0ZXI9IjIwMTktMDUtMjhUMjE6Mzk6MTkuMzI2WiIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjxzYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sMjpBdWRpZW5jZT5odHRwOi8vdGVzdGFjY291bnQuc25vd2ZsYWtlY29tcHV0aW5nLmNvbTo4MDgyL2ZlZC9sb2dpbjwvc2FtbDI6QXVkaWVuY2U&#x2b;PC9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDI6Q29uZGl0aW9ucz48c2FtbDI6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE5LTA1LTI4VDIxOjM0OjE5LjMyNloiIFNlc3Npb25JbmRleD0iaWQxNTU5MDc5MjU5MzI2LjQ0NjkwMzY4OCIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjxzYW1sMjpBdXRobkNvbnRleHQ&#x2b;PHNhbWwyOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0PC9zYW1sMjpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWwyOkF1dGhuQ29udGV4dD48L3NhbWwyOkF1dGhuU3RhdGVtZW50Pjwvc2FtbDI6QXNzZXJ0aW9uPjwvc2FtbDJwOlJlc3BvbnNlPg&#x3d;&#x3d;\"/>\n    <input name=\"RelayState\" type=\"hidden\" value=\"&#x2f;some&#x2f;deep&#x2f;link\"/>\n</form>\n\n<script src=\"https://ok3static.oktacdn.com/assets/js/app/sso/interstitial.474dce61acfac4a4d016921943cf2a68.js\" crossorigin=\"anonymous\" integrity=\"sha384-rIRjIHrr5XnyB1DG8t+uL1F3e5asM+gYMial0fj56hCWADEBdp3BiwtOAnNpU7Zc\" type=\"text/javascript\"></script></div>\n<!-- close #container -->\n</body>\n</html>\n");
 
-        const int MaxRetryCount = 1;
-        const int MaxRetryTimeout = 1;
+        const int MaxRetryCount = 15;
+        const int MaxRetryTimeout = 400;
 
         [Test]
         public void TestSsoTokenUrlMismatch()

From 1d6ac86fea306fc9a696a31253717c6ceaee75d5 Mon Sep 17 00:00:00 2001
From: sfc-gh-ext-simba-lf <lfarol@magnitude.com>
Date: Fri, 9 Feb 2024 15:45:27 -0800
Subject: [PATCH 6/7] SNOW-916949: Fix throwing an exception for correct
 authentication

---
 Snowflake.Data.Tests/Mock/MockOkta.cs         | 45 ++++++++++++++----
 Snowflake.Data.Tests/UnitTests/SFOktaTest.cs  | 47 ++++++++++++++++++-
 .../Core/Authenticator/OktaAuthenticator.cs   |  4 +-
 3 files changed, 84 insertions(+), 12 deletions(-)

diff --git a/Snowflake.Data.Tests/Mock/MockOkta.cs b/Snowflake.Data.Tests/Mock/MockOkta.cs
index d83c5d1f5..56e245632 100644
--- a/Snowflake.Data.Tests/Mock/MockOkta.cs
+++ b/Snowflake.Data.Tests/Mock/MockOkta.cs
@@ -47,18 +47,45 @@ public Task<T> PostAsync<T>(IRestRequest postRequest, CancellationToken cancella
         {
             if (postRequest is SFRestRequest)
             {
-                // authenticator
-                var authnResponse = new AuthenticatorResponse 
+                if (((SFRestRequest)postRequest).jsonBody is AuthenticatorRequest)
                 {
-                    success = true,
-                    data = new AuthenticatorResponseData 
+                    // authenticator
+                    var authnResponse = new AuthenticatorResponse
                     {
-                        tokenUrl = TokenUrl,
-                        ssoUrl = SSOUrl,
-                    }
-                };
+                        success = true,
+                        data = new AuthenticatorResponseData
+                        {
+                            tokenUrl = TokenUrl,
+                            ssoUrl = SSOUrl,
+                        }
+                    };
+
+                    return Task.FromResult<T>((T)(object)authnResponse);
+                }
+                else
+                {
+                    // login
+                    var loginResponse = new LoginResponse
+                    {
+                        success = true,
+                        data = new LoginResponseData
+                        {
+                            sessionId = "",
+                            token = "",
+                            masterToken = "",
+                            masterValidityInSeconds = 0,
+                            authResponseSessionInfo = new SessionInfo
+                            {
+                                databaseName = "",
+                                schemaName = "",
+                                roleName = "",
+                                warehouseName = "",
+                            }
+                        }
+                    };
 
-                return Task.FromResult<T>((T)(object)authnResponse);
+                    return Task.FromResult<T>((T)(object)loginResponse);
+                }
             }
             else
             {
diff --git a/Snowflake.Data.Tests/UnitTests/SFOktaTest.cs b/Snowflake.Data.Tests/UnitTests/SFOktaTest.cs
index e801bd30d..75c73824d 100644
--- a/Snowflake.Data.Tests/UnitTests/SFOktaTest.cs
+++ b/Snowflake.Data.Tests/UnitTests/SFOktaTest.cs
@@ -2,6 +2,8 @@
 using Snowflake.Data.Client;
 using Snowflake.Data.Core;
 using System.Net.Http;
+using System.Threading;
+using System.Threading.Tasks;
 
 namespace Snowflake.Data.Tests.UnitTests
 {
@@ -10,7 +12,7 @@ class SFOktaTest
     {
         StringContent wrongPostbackContent = new StringContent(" < !DOCTYPE html >< html lang =\"en\"><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/><meta name=\"robots\" content=\"noarchive\"/><meta name=\"googlebot\" content=\"noarchive\"/><meta name=\"robots\" content=\"noindex\" />\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge\" />\n<meta name=\"apple-mobile-web-app-capable\" content=\"yes\"><meta name=\"googlebot\" content=\"noindex\" />\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n<meta name=\"robots\" content=\"none\" />\n\n<link href=\"https://ok3static.oktacdn.com/assets/img/icons/favicons/favicon-16x16.c55b69ae49b08edc7c000d12b8e5483f.png\" rel=\"icon\" type=\"image/png\" sizes=\"16x16\"/><link href=\"https://ok3static.oktacdn.com/assets/img/icons/favicons/favicon-32x32.99bc356b6e293b927f9e3a2b69761c26.png\" rel=\"icon\" type=\"image/png\" sizes=\"32x32\"/><link href=\"https://ok3static.oktacdn.com/assets/img/icons/favicons/favicon-96x96.de98828614fa33ca04fcfaa07679f345.png\" rel=\"icon\" type=\"image/png\" sizes=\"96x96\"/><meta name=\"msapplication-TileColor\" content=\"#ffffff\">\n<meta name=\"msapplication-TileImage\" content=\"/img/icons/favicons/ms-icon-144x144.png\">\n<meta name=\"application-name\" content=\"Okta\"/>\n<meta name=\"theme-color\" content=\"#ffffff\">\n<meta name=\"msapplication-config\" content=\"/img/icons/favicons/browserconfig.xml\"/>\n\n<title>Snowflake - Signing in...</title>\n<!--[if IE]><link href=\"https://ok3static.oktacdn.com/assets/css/ie/ie.57ba8b295e567530b9a1b92e266a6eae.css\" type=\"text/css\" rel=\"stylesheet\"/><![endif]-->\n<!--[if gte IE 9]><link href=\"https://ok3static.oktacdn.com/assets/css/ie/ie9.0d563c6ff0555c4086c6606c3e6387e5.css\" type=\"text/css\" rel=\"stylesheet\"/><![endif]-->\n\n<script>if (typeof module === 'object') {window.module = module; module = undefined;}</script>\n\n<script>\n    var okta = {\n        migrateMute: true,\n        locale: 'en',\n        debug: false,\n        deployEnv: 'PROD',\n        userId: '00u141kzp5sTIufWw1d8',\n        settings: {\n            orgId: '00oy3jwwiqWBAGOLOWLT',\n            orgName: 'Snowflake',\n            serverStatus: 'ACTIVE',\n            persona: '',\n            isDeveloperConsole: '' === 'true',\n            isPreview: 'false' === 'true',\n            permissions: []\n        },\n        logHasFeatureError: function(message) {\n            var xhr = new XMLHttpRequest();\n            xhr.open('POST', '/api/internal/client-logging/has-feature-error', true);\n            xhr.setRequestHeader('Content-Type', 'application/json');\n            xhr.send(JSON.stringify({\n              message: message\n            }));\n        }\n\n    };\n</script>\n<script>var _features=[\"MONTHLY_FLAG_2019_01\",\"MONTHLY_FLAG_2018_12\",\"DEV_APPS\",\"MONTHLY_FLAG_2019_04\",\"MONTHLY_FLAG_2018_10\",\"MONTHLY_FLAG_2018_09\",\"MONTHLY_FLAG_2019_05\",\"APP_NOTES\",\"MONTHLY_FLAG_2019_02\",\"MONTHLY_FLAG_2018_11\",\"API_ACCESS_MANAGEMENT\",\"MONTHLY_FLAG_2019_03\"];</script><script>\n      window._features = window._features || [];\n      _features.push('DEV_CONSOLE');\n    </script>\n<script>window.okta || (window.okta = {}); okta.cdnUrlHostname = \"//ok3static.oktacdn.com\"; okta.cdnPerformCheck = false;</script><script>window.okta || (window.okta = {});window.okta.mixpanel = true;window.okta.mixpanelTrackingSamplingFactors = {\"_DEFAULT\":1.0};</script><script src=\"https://ok3static.oktacdn.com/assets/js/jquery-1.12.4.min.e93c5a2265fbe2a3e96fe19159fc9a84.js\" crossorigin=\"anonymous\" integrity=\"sha384-KA5uVfsh/aGN4nZ9iqQ+CAYy0emdYEnjgFsPzqxBi2AMeqLX5qoCiY4ICzIg61TX\" type=\"text/javascript\"></script><!--[if lt IE 9]><script src=\"https://ok3static.oktacdn.com/assets/enduser/js/vendor/css3-mediaqueries.fa295f0132f5335f352071ca3613a94a.js\" crossorigin=\"anonymous\" integrity=\"sha384-7pU2GSgyec3nzQMUNSuzanfJelP9UCOyHil0bOv+WnPKSS9lNA/tcxPyr7NV2w6c\" type=\"text/javascript\"></script><![endif]-->\n\n<script>if (window.module) module = window.module;</script>\n\n</head>\n<body id=\"app\" class=\"enduser-app  \">\n<noscript><div id=\"noscript-mask\"></div><div id=\"noscript-msg\" class=\"infobox infobox-warning infobox-compact\"><span class=\"icon warning-16\"></span><h3>Javascript is disabled on your browser.</h3><p>Please enable Javascript and refresh this page to use Okta.</p></div></noscript>\n\n<div id=\"container\">\n<link href=\"https://ok3static.oktacdn.com/assets/css/sections/interstitial.8c2f4a8544ec4c72abb54659e8a83b0e.css\" type=\"text/css\" rel=\"stylesheet\"/><script>\n    var interstitialMinWaitTime = 1200;\n    </script>\n<!--[if lte IE 9]>\n            <style type=\"text/css\">\n                #okta-auth-spin {\n                    top: 35%;\n                }\n            </style>\n        <![endif]-->\n\n        <!--[if lte IE 8]>\n            <style type=\"text/css\">\n                #okta-auth-band {\n                    height: 200px;\n                }\n            </style>\n        <![endif]-->\n\n        <div id=\"okta-interstitial-wrap\">\n                <div class=\"okta-auth-mask-new-interstitial\"></div>\n        <div class=\"new-interstitial\" id=\"new-interstitial\">\n        <div id=\"okta-auth-band\">\n            <img src=\"https://ok3static.oktacdn.com/assets/img/ui/indicators/new_interstitial_static.9481d4731547cec09b26be142dbeec61.png\" width=\"376\" height=\"160\" alt=\"Please wait\" class=\"new-img-static\"/><img src=\"https://ok3static.oktacdn.com/assets/img/ui/indicators/new_interstitial.c41c3b6f3a84458aca9a5919f238fbe3.gif\" width=\"376\" height=\"160\" alt=\"Please wait\" class=\"new-img\"/><img src=\"https://ok3static.oktacdn.com/assets/img/logos/okta_watermark.4a7f2ccf7d0a787cff6f59fb67f72843.png\" width=\"106\" height=\"36\" alt=\"Okta\" class=\"okta-logo\"/><div id=\"okta-auth-spin\"></div>\n                    <div id=\"okta-auth-spin-small\"></div>\n                <h1 id=\"okta-auth-heading\" class ='signing-in-text'>Signing in to TESTACCOUNT (regression)</h1>\n        </div>\n        </div> <!--new-interstitial -->\n        </div> <!--okta-interstitial-wrap -->\n\n        <script type=\"text/javascript\">\n            $(function(){\n                var isFFSVGFixEnabled = 'false';\n                if ($('#okta-auth-spin').hasClass('android-spinner')) {\n                    return;\n                }\n\n                // Remove gif animation for Safari\n                var isSafari = /AppleWebKit/.test(navigator.userAgent) && !/Chrome/.test(navigator.userAgent) && /Apple Computer/.test(navigator.vendor);\n                if (isFFSVGFixEnabled && isSafari) {\n                    $('.new-img').hide(0);\n                } else {\n                    $('.new-img').on('load', function(evt){\n                        //gif loaded correctly, fade out static asset and fade in gif\n                        //making sure we show the graphic before the form submit happens in 200ms\n                        $('.new-img-static').hide(0,function(){\n                            $('.new-img').show(0);\n                        });\n                    });\n                }\n\n                //For cached images with src the load event fires just before you add a listener for it. Hence setting the source again to make sure the event handlers fire in the right order.\n                var assetUrl = $('.new-img').attr('src');\n                $('.new-img').attr('src', assetUrl);\n\n                var standard = document.getElementById('okta-auth-spin');\n                var small = document.getElementById('okta-auth-spin-small');\n\n                var optsStandard = {\n                    lines: 9, // The number of lines to draw\n                    length: 0, // The length of each line\n                    width: 8, // The line thickness\n                    radius: 21, // The radius of the inner circle\n                    corners: 1, // Corner roundness (0..1)\n                    rotate: 0, // The rotation offset\n                    direction: 1, // 1: clockwise, -1: counterclockwise\n                    color: '#fff', // #rgb or #rrggbb\n                    speed: 1, // Rounds per second\n                    trail: 60, // Afterglow percentage\n                    shadow: false, // Whether to render a shadow\n                    hwaccel: false, // Whether to use hardware acceleration\n                    className: 'okta-auth-spinner', // The CSS class to assign to the spinner\n                    zIndex: 2e9, // The z-index (defaults to 2000000000)\n                    top: 'auto', // Top position relative to parent in px\n                    left: 'auto' // Left position relative to parent in px\n                };\n\n                var optsSmall = {\n                    lines: 9, // The number of lines to draw\n                    length: 0, // The length of each line\n                    width: 6, // The line thickness\n                    radius: 14, // The radius of the inner circle\n                    corners: 1, // Corner roundness (0..1)\n                    rotate: 0, // The rotation offset\n                    direction: 1, // 1: clockwise, -1: counterclockwise\n                    color: '#fff', // #rgb or #rrggbb\n                    speed: 1, // Rounds per second\n                    trail: 60, // Afterglow percentage\n                    shadow: false, // Whether to render a shadow\n                    hwaccel: false, // Whether to use hardware acceleration\n                    className: 'okta-auth-spinner', // The CSS class to assign to the spinner\n                    zIndex: 2e9, // The z-index (defaults to 2000000000)\n                    top: 'auto', // Top position relative to parent in px\n                    left: 'auto' // Left position relative to parent in px\n                };\n                if (typeof Spinner === 'function') {\n                    var spinnerStandard = new Spinner(optsStandard);\n                    var spinnerSmall = new Spinner(optsSmall);\n\n                    spinnerStandard.spin(standard);\n                    spinnerSmall.spin(small);\n                }\n\n            });\n        </script>\n    <form id=\"appForm\" action=\"http&#x3a;&#x2f;&#x2f;testaccount.dev.snowflakecomputing.com&#x3a;8082&#x2f;fed&#x2f;login\" method=\"POST\">\n    <input name=\"SAMLResponse\" type=\"hidden\" value=\"PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJwOlJlc3BvbnNlIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBEZXN0aW5hdGlvbj0iaHR0cDovL3Rlc3RhY2NvdW50LnNub3dmbGFrZWNvbXB1dGluZy5jb206ODA4Mi9mZWQvbG9naW4iIElEPSJpZDM2OTI3Nzc0NDA0Njg3NDIxODk5NjI5MTcwIiBJc3N1ZUluc3RhbnQ9IjIwMTktMDUtMjhUMjE6MzQ6MTkuMzI2WiIgVmVyc2lvbj0iMi4wIj48c2FtbDI6SXNzdWVyIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI&#x2b;aHR0cDovL3d3dy5va3RhLmNvbS9leGsxYTU1aWtwelcxVlBWcjFkODwvc2FtbDI6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8&#x2b;PGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiLz48ZHM6UmVmZXJlbmNlIFVSST0iI2lkMzY5Mjc3NzQ0MDQ2ODc0MjE4OTk2MjkxNzAiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM&#x2b;PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkczpEaWdlc3RWYWx1ZT5hUDYvbUhGMFFKTUdkWlJSNlVYZ2o0QW9HaW5WMnF3VHBRVytEVzVHcnJFPTwvZHM6RGlnZXN0VmFsdWU&#x2b;PC9kczpSZWZlcmVuY2U&#x2b;PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5KNlYrYVFMaTRTVGR3NXFmWEU3czRrVS9ycHRDaWYvM0liUnRWaWc4K2Y1SldMWDdiaVlqZExueWlhRHpObGRVYXJzeGQzRDd5eHkzUWNyZ2hCRlp3ZGVlbFR5b3krWmZFSzltd3NnTm9wMTFKTktneHRsNTRnNmhiSUlOaXVVOEhxOExUNUs2SXAzZE5ZN1E1WFV2U09rTVUwZUg5M3ZDMExVaWVYZDJBektqSUtaa3lZNmlDdi9BSis5SUNvQk9FMHBTZnl2RjNiZjRWRmhWQkwvSVBFMFg1eTBIZzFERmNZWXhqaVhrYXU2cmN2NjBDcEZ6ejdxaFJCOTJyWDEyMm0zRHlaR3ZVVHJEalVsRXd0Mk0yazhyNy8zWjlURWc2VE9wc3ovMmNEME1xTHBNOWJtenpkZWQ4MzZoUC83WlJiUG5UNGM0OHAvakRCMXNieTMyS1E9PTwvZHM6U2lnbmF0dXJlVmFsdWU&#x2b;PGRzOktleUluZm8&#x2b;PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU&#x2b;TUlJRHREQ0NBcHlnQXdJQkFnSUdBVmhLZEhkc01BMEdDU3FHU0liM0RRRUJDd1VBTUlHYU1Rc3dDUVlEVlFRR0V3SlZVekVUTUJFRwpBMVVFQ0F3S1EyRnNhV1p2Y201cFlURVdNQlFHQTFVRUJ3d05VMkZ1SUVaeVlXNWphWE5qYnpFTk1Bc0dBMVVFQ2d3RVQydDBZVEVVCk1CSUdBMVVFQ3d3TFUxTlBVSEp2ZG1sa1pYSXhHekFaQmdOVkJBTU1Fbk51YjNkbWJHRnJaV052YlhCMWRHbHVaekVjTUJvR0NTcUcKU0liM0RRRUpBUllOYVc1bWIwQnZhM1JoTG1OdmJUQWVGdzB4TmpFeE1Ea3hPRFUzTVRaYUZ3MHlOakV4TURreE9EVTRNVFphTUlHYQpNUXN3Q1FZRFZRUUdFd0pWVXpFVE1CRUdBMVVFQ0F3S1EyRnNhV1p2Y201cFlURVdNQlFHQTFVRUJ3d05VMkZ1SUVaeVlXNWphWE5qCmJ6RU5NQXNHQTFVRUNnd0VUMnQwWVRFVU1CSUdBMVVFQ3d3TFUxTlBVSEp2ZG1sa1pYSXhHekFaQmdOVkJBTU1Fbk51YjNkbWJHRnIKWldOdmJYQjFkR2x1WnpFY01Cb0dDU3FHU0liM0RRRUpBUllOYVc1bWIwQnZhM1JoTG1OdmJUQ0NBU0l3RFFZSktvWklodmNOQVFFQgpCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFMY1VadDZEMVh0ck1Mc08rakp4cS95R29LV1JBbXRTeU9kSVhITEVkMWppSFNuUkxOdEM5VldaClNHVTVZcTliSDlrR0x3NDZrVWZXcXlGb05rM2VQOVVQRlY2NUZ3emtrU24rNDhYMkl4WXBHUjcwSnJjYlBBS3l6VlR4M1U5NXkrZ0MKaUlkSjdsWUFNNWxCaUY5UTgxVjE5RzA2cHpsbzBSVlpPQ09sbHZCU2RrUnJiQXhlRGNTN2tSRElxUGh6SHdIM1hWOWpmLzRjZVhmUQpCUXZjKzIxWEZnTzRXTmtrWUxlemllYzQzNkd2aittRmRLVHhiTktpQmdxbnQ5VUZmM3hxdG01ajlyTDdHQ0VtNmVnL0dhdW84VFZNCng3c21GSVBkZVNrUmRFVytxU2tPbjlHdzhZZHNEY2UzRTRjVXlnY3o1WjZMakFRbGNVYVNaVTlqZlpNQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQVFFQVdURmowVXkwQ0xGbThYdzh3dlhjQlA3aU5vMjFIcS9rbStJL0UzbnVKMDlPcmlFamMwRGJyZ0ZvN3ZqSQpxSUU4YWEyM2J3eUlBbEZZQzZ3NlF6TFpIeG9EbnpLU1FRSEM5NXVEYW9XcXVvWTdYb3UvSjlvQjJtQy8vL0l5ME1OOHljWCs1YnRuClM2cWRWVnVXaE9HMEMrOXg4UGIydW1DNlFUcXBTZ3E0U01nV0VOellFUnZaRDgzTTFsZzY5aElZaVRqZ2tCMU1FQXZWbUs0N0M2UlgKQXZzMld1T0Vkc1V3M1g4T0FSLzh4TWlpamt3ZzByeU93TGxONzRHZGphTEVnWU5PM0tqdjNiOEh3UlJKMXdkekxZV0tBaXFXb1R3aQpXcGNZcytlbVlPcVZSNTJzR1NGYnQrbmEzVStFZXRtVStPa0J1TjhIcXJYVFY5ekFmZTE3SGc9PTwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE&#x2b;PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sMnA6U3RhdHVzIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48c2FtbDJwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbDJwOlN0YXR1cz48c2FtbDI6QXNzZXJ0aW9uIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iaWQzNjkyNzc3NDQwNTUxMTYwMTQ1MDQ4NjgyOSIgSXNzdWVJbnN0YW50PSIyMDE5LTA1LTI4VDIxOjM0OjE5LjMyNloiIFZlcnNpb249IjIuMCI&#x2b;PHNhbWwyOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHA6Ly93d3cub2t0YS5jb20vZXhrMWE1NWlrcHpXMVZQVnIxZDg8L3NhbWwyOklzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2Ii8&#x2b;PGRzOlJlZmVyZW5jZSBVUkk9IiNpZDM2OTI3Nzc0NDA1NTExNjAxNDUwNDg2ODI5Ij48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8&#x2b;PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48ZHM6RGlnZXN0VmFsdWU&#x2b;VUQ0SHNVNzRCbGFSNjcxTnJBaFVvNWJqYlpEemJwTnp0SVpza2lJMGRkTT08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU&#x2b;aVA0emZWQVJsdTVaM0gya3B4V0hYeVNpZzZabERKdXdvd0FobW95Wmg3VmxPK0txaGdvYXBrTGxxNW1FTTdhTXg3V3VodjBRM0luNjlaYjl6UGJqaWpsYWQzWW4vTTRDVGVveFZBV0dUN1VtMDhJdnBsc2NEK1RKSks1WG9BRWZVcGp3MVlzczgycEJhVlgwbVp1citla1Y1MEhvUUhsb1FUTUpDeHJ4aXB0aXBSSmhlblR5QVBQelVDQ3R5K1crenNKaWZTdnRLNWFEcmEvSnlRMFJyRWNlakdKRjlrbFlFUnVwNGE1QlpMSmlKQ1JLWXZzOCtYWlhjakVMV1RIWUpHMjUvZXRBVVgvQ3drU3h6WlYzckU4ZjVMbU9iTTJGTTg5bjE5aHJTc0tmUWFhdkU3WDBEeURJTU5GNHpoZndFcTVUZTJaWXdRMnczRHZHazBBekxRPT08L2RzOlNpZ25hdHVyZVZhbHVlPjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUR0RENDQXB5Z0F3SUJBZ0lHQVZoS2RIZHNNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1JR2FNUXN3Q1FZRFZRUUdFd0pWVXpFVE1CRUcKQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVXTUJRR0ExVUVCd3dOVTJGdUlFWnlZVzVqYVhOamJ6RU5NQXNHQTFVRUNnd0VUMnQwWVRFVQpNQklHQTFVRUN3d0xVMU5QVUhKdmRtbGtaWEl4R3pBWkJnTlZCQU1NRW5OdWIzZG1iR0ZyWldOdmJYQjFkR2x1WnpFY01Cb0dDU3FHClNJYjNEUUVKQVJZTmFXNW1iMEJ2YTNSaExtTnZiVEFlRncweE5qRXhNRGt4T0RVM01UWmFGdzB5TmpFeE1Ea3hPRFU0TVRaYU1JR2EKTVFzd0NRWURWUVFHRXdKVlV6RVRNQkVHQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVXTUJRR0ExVUVCd3dOVTJGdUlFWnlZVzVqYVhOagpiekVOTUFzR0ExVUVDZ3dFVDJ0MFlURVVNQklHQTFVRUN3d0xVMU5QVUhKdmRtbGtaWEl4R3pBWkJnTlZCQU1NRW5OdWIzZG1iR0ZyClpXTnZiWEIxZEdsdVp6RWNNQm9HQ1NxR1NJYjNEUUVKQVJZTmFXNW1iMEJ2YTNSaExtTnZiVENDQVNJd0RRWUpLb1pJaHZjTkFRRUIKQlFBRGdnRVBBRENDQVFvQ2dnRUJBTGNVWnQ2RDFYdHJNTHNPK2pKeHEveUdvS1dSQW10U3lPZElYSExFZDFqaUhTblJMTnRDOVZXWgpTR1U1WXE5Ykg5a0dMdzQ2a1VmV3F5Rm9OazNlUDlVUEZWNjVGd3pra1NuKzQ4WDJJeFlwR1I3MEpyY2JQQUt5elZUeDNVOTV5K2dDCmlJZEo3bFlBTTVsQmlGOVE4MVYxOUcwNnB6bG8wUlZaT0NPbGx2QlNka1JyYkF4ZURjUzdrUkRJcVBoekh3SDNYVjlqZi80Y2VYZlEKQlF2YysyMVhGZ080V05ra1lMZXppZWM0MzZHdmorbUZkS1R4Yk5LaUJncW50OVVGZjN4cXRtNWo5ckw3R0NFbTZlZy9HYXVvOFRWTQp4N3NtRklQZGVTa1JkRVcrcVNrT245R3c4WWRzRGNlM0U0Y1V5Z2N6NVo2TGpBUWxjVWFTWlU5amZaTUNBd0VBQVRBTkJna3Foa2lHCjl3MEJBUXNGQUFPQ0FRRUFXVEZqMFV5MENMRm04WHc4d3ZYY0JQN2lObzIxSHEva20rSS9FM251SjA5T3JpRWpjMERicmdGbzd2akkKcUlFOGFhMjNid3lJQWxGWUM2dzZRekxaSHhvRG56S1NRUUhDOTV1RGFvV3F1b1k3WG91L0o5b0IybUMvLy9JeTBNTjh5Y1grNWJ0bgpTNnFkVlZ1V2hPRzBDKzl4OFBiMnVtQzZRVHFwU2dxNFNNZ1dFTnpZRVJ2WkQ4M00xbGc2OWhJWWlUamdrQjFNRUF2Vm1LNDdDNlJYCkF2czJXdU9FZHNVdzNYOE9BUi84eE1paWprd2cwcnlPd0xsTjc0R2RqYUxFZ1lOTzNLanYzYjhId1JSSjF3ZHpMWVdLQWlxV29Ud2kKV3BjWXMrZW1ZT3FWUjUyc0dTRmJ0K25hM1UrRWV0bVUrT2tCdU44SHFyWFRWOXpBZmUxN0hnPT08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbDI6U3ViamVjdCB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI&#x2b;PHNhbWwyOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OnVuc3BlY2lmaWVkIj5xYUBzbm93Zmxha2Vjb21wdXRpbmcuY29tPC9zYW1sMjpOYW1lSUQ&#x2b;PHNhbWwyOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDI6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDE5LTA1LTI4VDIxOjM5OjE5LjMyNloiIFJlY2lwaWVudD0iaHR0cDovL3Rlc3RhY2NvdW50LnNub3dmbGFrZWNvbXB1dGluZy5jb206ODA4Mi9mZWQvbG9naW4iLz48L3NhbWwyOlN1YmplY3RDb25maXJtYXRpb24&#x2b;PC9zYW1sMjpTdWJqZWN0PjxzYW1sMjpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxOS0wNS0yOFQyMToyOToxOS4zMjZaIiBOb3RPbk9yQWZ0ZXI9IjIwMTktMDUtMjhUMjE6Mzk6MTkuMzI2WiIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjxzYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sMjpBdWRpZW5jZT5odHRwOi8vdGVzdGFjY291bnQuc25vd2ZsYWtlY29tcHV0aW5nLmNvbTo4MDgyL2ZlZC9sb2dpbjwvc2FtbDI6QXVkaWVuY2U&#x2b;PC9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDI6Q29uZGl0aW9ucz48c2FtbDI6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE5LTA1LTI4VDIxOjM0OjE5LjMyNloiIFNlc3Npb25JbmRleD0iaWQxNTU5MDc5MjU5MzI2LjQ0NjkwMzY4OCIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjxzYW1sMjpBdXRobkNvbnRleHQ&#x2b;PHNhbWwyOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0PC9zYW1sMjpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWwyOkF1dGhuQ29udGV4dD48L3NhbWwyOkF1dGhuU3RhdGVtZW50Pjwvc2FtbDI6QXNzZXJ0aW9uPjwvc2FtbDJwOlJlc3BvbnNlPg&#x3d;&#x3d;\"/>\n    <input name=\"RelayState\" type=\"hidden\" value=\"&#x2f;some&#x2f;deep&#x2f;link\"/>\n</form>\n\n<script src=\"https://ok3static.oktacdn.com/assets/js/app/sso/interstitial.474dce61acfac4a4d016921943cf2a68.js\" crossorigin=\"anonymous\" integrity=\"sha384-rIRjIHrr5XnyB1DG8t+uL1F3e5asM+gYMial0fj56hCWADEBdp3BiwtOAnNpU7Zc\" type=\"text/javascript\"></script></div>\n<!-- close #container -->\n</body>\n</html>\n");
         StringContent noPostbackContent = new StringContent(" < !DOCTYPE html >< html lang =\"en\"><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/><meta name=\"robots\" content=\"noarchive\"/><meta name=\"googlebot\" content=\"noarchive\"/><meta name=\"robots\" content=\"noindex\" />\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge\" />\n<meta name=\"apple-mobile-web-app-capable\" content=\"yes\"><meta name=\"googlebot\" content=\"noindex\" />\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n<meta name=\"robots\" content=\"none\" />\n\n<link href=\"https://ok3static.oktacdn.com/assets/img/icons/favicons/favicon-16x16.c55b69ae49b08edc7c000d12b8e5483f.png\" rel=\"icon\" type=\"image/png\" sizes=\"16x16\"/><link href=\"https://ok3static.oktacdn.com/assets/img/icons/favicons/favicon-32x32.99bc356b6e293b927f9e3a2b69761c26.png\" rel=\"icon\" type=\"image/png\" sizes=\"32x32\"/><link href=\"https://ok3static.oktacdn.com/assets/img/icons/favicons/favicon-96x96.de98828614fa33ca04fcfaa07679f345.png\" rel=\"icon\" type=\"image/png\" sizes=\"96x96\"/><meta name=\"msapplication-TileColor\" content=\"#ffffff\">\n<meta name=\"msapplication-TileImage\" content=\"/img/icons/favicons/ms-icon-144x144.png\">\n<meta name=\"application-name\" content=\"Okta\"/>\n<meta name=\"theme-color\" content=\"#ffffff\">\n<meta name=\"msapplication-config\" content=\"/img/icons/favicons/browserconfig.xml\"/>\n\n<title>Snowflake - Signing in...</title>\n<!--[if IE]><link href=\"https://ok3static.oktacdn.com/assets/css/ie/ie.57ba8b295e567530b9a1b92e266a6eae.css\" type=\"text/css\" rel=\"stylesheet\"/><![endif]-->\n<!--[if gte IE 9]><link href=\"https://ok3static.oktacdn.com/assets/css/ie/ie9.0d563c6ff0555c4086c6606c3e6387e5.css\" type=\"text/css\" rel=\"stylesheet\"/><![endif]-->\n\n<script>if (typeof module === 'object') {window.module = module; module = undefined;}</script>\n\n<script>\n    var okta = {\n        migrateMute: true,\n        locale: 'en',\n        debug: false,\n        deployEnv: 'PROD',\n        userId: '00u141kzp5sTIufWw1d8',\n        settings: {\n            orgId: '00oy3jwwiqWBAGOLOWLT',\n            orgName: 'Snowflake',\n            serverStatus: 'ACTIVE',\n            persona: '',\n            isDeveloperConsole: '' === 'true',\n            isPreview: 'false' === 'true',\n            permissions: []\n        },\n        logHasFeatureError: function(message) {\n            var xhr = new XMLHttpRequest();\n            xhr.open('POST', '/api/internal/client-logging/has-feature-error', true);\n            xhr.setRequestHeader('Content-Type', 'application/json');\n            xhr.send(JSON.stringify({\n              message: message\n            }));\n        }\n\n    };\n</script>\n<script>var _features=[\"MONTHLY_FLAG_2019_01\",\"MONTHLY_FLAG_2018_12\",\"DEV_APPS\",\"MONTHLY_FLAG_2019_04\",\"MONTHLY_FLAG_2018_10\",\"MONTHLY_FLAG_2018_09\",\"MONTHLY_FLAG_2019_05\",\"APP_NOTES\",\"MONTHLY_FLAG_2019_02\",\"MONTHLY_FLAG_2018_11\",\"API_ACCESS_MANAGEMENT\",\"MONTHLY_FLAG_2019_03\"];</script><script>\n      window._features = window._features || [];\n      _features.push('DEV_CONSOLE');\n    </script>\n<script>window.okta || (window.okta = {}); okta.cdnUrlHostname = \"//ok3static.oktacdn.com\"; okta.cdnPerformCheck = false;</script><script>window.okta || (window.okta = {});window.okta.mixpanel = true;window.okta.mixpanelTrackingSamplingFactors = {\"_DEFAULT\":1.0};</script><script src=\"https://ok3static.oktacdn.com/assets/js/jquery-1.12.4.min.e93c5a2265fbe2a3e96fe19159fc9a84.js\" crossorigin=\"anonymous\" integrity=\"sha384-KA5uVfsh/aGN4nZ9iqQ+CAYy0emdYEnjgFsPzqxBi2AMeqLX5qoCiY4ICzIg61TX\" type=\"text/javascript\"></script><!--[if lt IE 9]><script src=\"https://ok3static.oktacdn.com/assets/enduser/js/vendor/css3-mediaqueries.fa295f0132f5335f352071ca3613a94a.js\" crossorigin=\"anonymous\" integrity=\"sha384-7pU2GSgyec3nzQMUNSuzanfJelP9UCOyHil0bOv+WnPKSS9lNA/tcxPyr7NV2w6c\" type=\"text/javascript\"></script><![endif]-->\n\n<script>if (window.module) module = window.module;</script>\n\n</head>\n<body id=\"app\" class=\"enduser-app  \">\n<noscript><div id=\"noscript-mask\"></div><div id=\"noscript-msg\" class=\"infobox infobox-warning infobox-compact\"><span class=\"icon warning-16\"></span><h3>Javascript is disabled on your browser.</h3><p>Please enable Javascript and refresh this page to use Okta.</p></div></noscript>\n\n<div id=\"container\">\n<link href=\"https://ok3static.oktacdn.com/assets/css/sections/interstitial.8c2f4a8544ec4c72abb54659e8a83b0e.css\" type=\"text/css\" rel=\"stylesheet\"/><script>\n    var interstitialMinWaitTime = 1200;\n    </script>\n<!--[if lte IE 9]>\n            <style type=\"text/css\">\n                #okta-auth-spin {\n                    top: 35%;\n                }\n            </style>\n        <![endif]-->\n\n        <!--[if lte IE 8]>\n            <style type=\"text/css\">\n                #okta-auth-band {\n                    height: 200px;\n                }\n            </style>\n        <![endif]-->\n\n        <div id=\"okta-interstitial-wrap\">\n                <div class=\"okta-auth-mask-new-interstitial\"></div>\n        <div class=\"new-interstitial\" id=\"new-interstitial\">\n        <div id=\"okta-auth-band\">\n            <img src=\"https://ok3static.oktacdn.com/assets/img/ui/indicators/new_interstitial_static.9481d4731547cec09b26be142dbeec61.png\" width=\"376\" height=\"160\" alt=\"Please wait\" class=\"new-img-static\"/><img src=\"https://ok3static.oktacdn.com/assets/img/ui/indicators/new_interstitial.c41c3b6f3a84458aca9a5919f238fbe3.gif\" width=\"376\" height=\"160\" alt=\"Please wait\" class=\"new-img\"/><img src=\"https://ok3static.oktacdn.com/assets/img/logos/okta_watermark.4a7f2ccf7d0a787cff6f59fb67f72843.png\" width=\"106\" height=\"36\" alt=\"Okta\" class=\"okta-logo\"/><div id=\"okta-auth-spin\"></div>\n                    <div id=\"okta-auth-spin-small\"></div>\n                <h1 id=\"okta-auth-heading\" class ='signing-in-text'>Signing in to TESTACCOUNT (regression)</h1>\n        </div>\n        </div> <!--new-interstitial -->\n        </div> <!--okta-interstitial-wrap -->\n\n        <script type=\"text/javascript\">\n            $(function(){\n                var isFFSVGFixEnabled = 'false';\n                if ($('#okta-auth-spin').hasClass('android-spinner')) {\n                    return;\n                }\n\n                // Remove gif animation for Safari\n                var isSafari = /AppleWebKit/.test(navigator.userAgent) && !/Chrome/.test(navigator.userAgent) && /Apple Computer/.test(navigator.vendor);\n                if (isFFSVGFixEnabled && isSafari) {\n                    $('.new-img').hide(0);\n                } else {\n                    $('.new-img').on('load', function(evt){\n                        //gif loaded correctly, fade out static asset and fade in gif\n                        //making sure we show the graphic before the form submit happens in 200ms\n                        $('.new-img-static').hide(0,function(){\n                            $('.new-img').show(0);\n                        });\n                    });\n                }\n\n                //For cached images with src the load event fires just before you add a listener for it. Hence setting the source again to make sure the event handlers fire in the right order.\n                var assetUrl = $('.new-img').attr('src');\n                $('.new-img').attr('src', assetUrl);\n\n                var standard = document.getElementById('okta-auth-spin');\n                var small = document.getElementById('okta-auth-spin-small');\n\n                var optsStandard = {\n                    lines: 9, // The number of lines to draw\n                    length: 0, // The length of each line\n                    width: 8, // The line thickness\n                    radius: 21, // The radius of the inner circle\n                    corners: 1, // Corner roundness (0..1)\n                    rotate: 0, // The rotation offset\n                    direction: 1, // 1: clockwise, -1: counterclockwise\n                    color: '#fff', // #rgb or #rrggbb\n                    speed: 1, // Rounds per second\n                    trail: 60, // Afterglow percentage\n                    shadow: false, // Whether to render a shadow\n                    hwaccel: false, // Whether to use hardware acceleration\n                    className: 'okta-auth-spinner', // The CSS class to assign to the spinner\n                    zIndex: 2e9, // The z-index (defaults to 2000000000)\n                    top: 'auto', // Top position relative to parent in px\n                    left: 'auto' // Left position relative to parent in px\n                };\n\n                var optsSmall = {\n                    lines: 9, // The number of lines to draw\n                    length: 0, // The length of each line\n                    width: 6, // The line thickness\n                    radius: 14, // The radius of the inner circle\n                    corners: 1, // Corner roundness (0..1)\n                    rotate: 0, // The rotation offset\n                    direction: 1, // 1: clockwise, -1: counterclockwise\n                    color: '#fff', // #rgb or #rrggbb\n                    speed: 1, // Rounds per second\n                    trail: 60, // Afterglow percentage\n                    shadow: false, // Whether to render a shadow\n                    hwaccel: false, // Whether to use hardware acceleration\n                    className: 'okta-auth-spinner', // The CSS class to assign to the spinner\n                    zIndex: 2e9, // The z-index (defaults to 2000000000)\n                    top: 'auto', // Top position relative to parent in px\n                    left: 'auto' // Left position relative to parent in px\n                };\n                if (typeof Spinner === 'function') {\n                    var spinnerStandard = new Spinner(optsStandard);\n                    var spinnerSmall = new Spinner(optsSmall);\n\n                    spinnerStandard.spin(standard);\n                    spinnerSmall.spin(small);\n                }\n\n            });\n        </script>\n    <form id=\"appForm\" method=\"POST\">\n    <input name=\"SAMLResponse\" type=\"hidden\" value=\"PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJwOlJlc3BvbnNlIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBEZXN0aW5hdGlvbj0iaHR0cDovL3Rlc3RhY2NvdW50LnNub3dmbGFrZWNvbXB1dGluZy5jb206ODA4Mi9mZWQvbG9naW4iIElEPSJpZDM2OTI3Nzc0NDA0Njg3NDIxODk5NjI5MTcwIiBJc3N1ZUluc3RhbnQ9IjIwMTktMDUtMjhUMjE6MzQ6MTkuMzI2WiIgVmVyc2lvbj0iMi4wIj48c2FtbDI6SXNzdWVyIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI&#x2b;aHR0cDovL3d3dy5va3RhLmNvbS9leGsxYTU1aWtwelcxVlBWcjFkODwvc2FtbDI6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8&#x2b;PGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiLz48ZHM6UmVmZXJlbmNlIFVSST0iI2lkMzY5Mjc3NzQ0MDQ2ODc0MjE4OTk2MjkxNzAiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM&#x2b;PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkczpEaWdlc3RWYWx1ZT5hUDYvbUhGMFFKTUdkWlJSNlVYZ2o0QW9HaW5WMnF3VHBRVytEVzVHcnJFPTwvZHM6RGlnZXN0VmFsdWU&#x2b;PC9kczpSZWZlcmVuY2U&#x2b;PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5KNlYrYVFMaTRTVGR3NXFmWEU3czRrVS9ycHRDaWYvM0liUnRWaWc4K2Y1SldMWDdiaVlqZExueWlhRHpObGRVYXJzeGQzRDd5eHkzUWNyZ2hCRlp3ZGVlbFR5b3krWmZFSzltd3NnTm9wMTFKTktneHRsNTRnNmhiSUlOaXVVOEhxOExUNUs2SXAzZE5ZN1E1WFV2U09rTVUwZUg5M3ZDMExVaWVYZDJBektqSUtaa3lZNmlDdi9BSis5SUNvQk9FMHBTZnl2RjNiZjRWRmhWQkwvSVBFMFg1eTBIZzFERmNZWXhqaVhrYXU2cmN2NjBDcEZ6ejdxaFJCOTJyWDEyMm0zRHlaR3ZVVHJEalVsRXd0Mk0yazhyNy8zWjlURWc2VE9wc3ovMmNEME1xTHBNOWJtenpkZWQ4MzZoUC83WlJiUG5UNGM0OHAvakRCMXNieTMyS1E9PTwvZHM6U2lnbmF0dXJlVmFsdWU&#x2b;PGRzOktleUluZm8&#x2b;PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU&#x2b;TUlJRHREQ0NBcHlnQXdJQkFnSUdBVmhLZEhkc01BMEdDU3FHU0liM0RRRUJDd1VBTUlHYU1Rc3dDUVlEVlFRR0V3SlZVekVUTUJFRwpBMVVFQ0F3S1EyRnNhV1p2Y201cFlURVdNQlFHQTFVRUJ3d05VMkZ1SUVaeVlXNWphWE5qYnpFTk1Bc0dBMVVFQ2d3RVQydDBZVEVVCk1CSUdBMVVFQ3d3TFUxTlBVSEp2ZG1sa1pYSXhHekFaQmdOVkJBTU1Fbk51YjNkbWJHRnJaV052YlhCMWRHbHVaekVjTUJvR0NTcUcKU0liM0RRRUpBUllOYVc1bWIwQnZhM1JoTG1OdmJUQWVGdzB4TmpFeE1Ea3hPRFUzTVRaYUZ3MHlOakV4TURreE9EVTRNVFphTUlHYQpNUXN3Q1FZRFZRUUdFd0pWVXpFVE1CRUdBMVVFQ0F3S1EyRnNhV1p2Y201cFlURVdNQlFHQTFVRUJ3d05VMkZ1SUVaeVlXNWphWE5qCmJ6RU5NQXNHQTFVRUNnd0VUMnQwWVRFVU1CSUdBMVVFQ3d3TFUxTlBVSEp2ZG1sa1pYSXhHekFaQmdOVkJBTU1Fbk51YjNkbWJHRnIKWldOdmJYQjFkR2x1WnpFY01Cb0dDU3FHU0liM0RRRUpBUllOYVc1bWIwQnZhM1JoTG1OdmJUQ0NBU0l3RFFZSktvWklodmNOQVFFQgpCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFMY1VadDZEMVh0ck1Mc08rakp4cS95R29LV1JBbXRTeU9kSVhITEVkMWppSFNuUkxOdEM5VldaClNHVTVZcTliSDlrR0x3NDZrVWZXcXlGb05rM2VQOVVQRlY2NUZ3emtrU24rNDhYMkl4WXBHUjcwSnJjYlBBS3l6VlR4M1U5NXkrZ0MKaUlkSjdsWUFNNWxCaUY5UTgxVjE5RzA2cHpsbzBSVlpPQ09sbHZCU2RrUnJiQXhlRGNTN2tSRElxUGh6SHdIM1hWOWpmLzRjZVhmUQpCUXZjKzIxWEZnTzRXTmtrWUxlemllYzQzNkd2aittRmRLVHhiTktpQmdxbnQ5VUZmM3hxdG01ajlyTDdHQ0VtNmVnL0dhdW84VFZNCng3c21GSVBkZVNrUmRFVytxU2tPbjlHdzhZZHNEY2UzRTRjVXlnY3o1WjZMakFRbGNVYVNaVTlqZlpNQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQVFFQVdURmowVXkwQ0xGbThYdzh3dlhjQlA3aU5vMjFIcS9rbStJL0UzbnVKMDlPcmlFamMwRGJyZ0ZvN3ZqSQpxSUU4YWEyM2J3eUlBbEZZQzZ3NlF6TFpIeG9EbnpLU1FRSEM5NXVEYW9XcXVvWTdYb3UvSjlvQjJtQy8vL0l5ME1OOHljWCs1YnRuClM2cWRWVnVXaE9HMEMrOXg4UGIydW1DNlFUcXBTZ3E0U01nV0VOellFUnZaRDgzTTFsZzY5aElZaVRqZ2tCMU1FQXZWbUs0N0M2UlgKQXZzMld1T0Vkc1V3M1g4T0FSLzh4TWlpamt3ZzByeU93TGxONzRHZGphTEVnWU5PM0tqdjNiOEh3UlJKMXdkekxZV0tBaXFXb1R3aQpXcGNZcytlbVlPcVZSNTJzR1NGYnQrbmEzVStFZXRtVStPa0J1TjhIcXJYVFY5ekFmZTE3SGc9PTwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE&#x2b;PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sMnA6U3RhdHVzIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48c2FtbDJwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbDJwOlN0YXR1cz48c2FtbDI6QXNzZXJ0aW9uIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iaWQzNjkyNzc3NDQwNTUxMTYwMTQ1MDQ4NjgyOSIgSXNzdWVJbnN0YW50PSIyMDE5LTA1LTI4VDIxOjM0OjE5LjMyNloiIFZlcnNpb249IjIuMCI&#x2b;PHNhbWwyOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHA6Ly93d3cub2t0YS5jb20vZXhrMWE1NWlrcHpXMVZQVnIxZDg8L3NhbWwyOklzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2Ii8&#x2b;PGRzOlJlZmVyZW5jZSBVUkk9IiNpZDM2OTI3Nzc0NDA1NTExNjAxNDUwNDg2ODI5Ij48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8&#x2b;PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48ZHM6RGlnZXN0VmFsdWU&#x2b;VUQ0SHNVNzRCbGFSNjcxTnJBaFVvNWJqYlpEemJwTnp0SVpza2lJMGRkTT08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU&#x2b;aVA0emZWQVJsdTVaM0gya3B4V0hYeVNpZzZabERKdXdvd0FobW95Wmg3VmxPK0txaGdvYXBrTGxxNW1FTTdhTXg3V3VodjBRM0luNjlaYjl6UGJqaWpsYWQzWW4vTTRDVGVveFZBV0dUN1VtMDhJdnBsc2NEK1RKSks1WG9BRWZVcGp3MVlzczgycEJhVlgwbVp1citla1Y1MEhvUUhsb1FUTUpDeHJ4aXB0aXBSSmhlblR5QVBQelVDQ3R5K1crenNKaWZTdnRLNWFEcmEvSnlRMFJyRWNlakdKRjlrbFlFUnVwNGE1QlpMSmlKQ1JLWXZzOCtYWlhjakVMV1RIWUpHMjUvZXRBVVgvQ3drU3h6WlYzckU4ZjVMbU9iTTJGTTg5bjE5aHJTc0tmUWFhdkU3WDBEeURJTU5GNHpoZndFcTVUZTJaWXdRMnczRHZHazBBekxRPT08L2RzOlNpZ25hdHVyZVZhbHVlPjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUR0RENDQXB5Z0F3SUJBZ0lHQVZoS2RIZHNNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1JR2FNUXN3Q1FZRFZRUUdFd0pWVXpFVE1CRUcKQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVXTUJRR0ExVUVCd3dOVTJGdUlFWnlZVzVqYVhOamJ6RU5NQXNHQTFVRUNnd0VUMnQwWVRFVQpNQklHQTFVRUN3d0xVMU5QVUhKdmRtbGtaWEl4R3pBWkJnTlZCQU1NRW5OdWIzZG1iR0ZyWldOdmJYQjFkR2x1WnpFY01Cb0dDU3FHClNJYjNEUUVKQVJZTmFXNW1iMEJ2YTNSaExtTnZiVEFlRncweE5qRXhNRGt4T0RVM01UWmFGdzB5TmpFeE1Ea3hPRFU0TVRaYU1JR2EKTVFzd0NRWURWUVFHRXdKVlV6RVRNQkVHQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVXTUJRR0ExVUVCd3dOVTJGdUlFWnlZVzVqYVhOagpiekVOTUFzR0ExVUVDZ3dFVDJ0MFlURVVNQklHQTFVRUN3d0xVMU5QVUhKdmRtbGtaWEl4R3pBWkJnTlZCQU1NRW5OdWIzZG1iR0ZyClpXTnZiWEIxZEdsdVp6RWNNQm9HQ1NxR1NJYjNEUUVKQVJZTmFXNW1iMEJ2YTNSaExtTnZiVENDQVNJd0RRWUpLb1pJaHZjTkFRRUIKQlFBRGdnRVBBRENDQVFvQ2dnRUJBTGNVWnQ2RDFYdHJNTHNPK2pKeHEveUdvS1dSQW10U3lPZElYSExFZDFqaUhTblJMTnRDOVZXWgpTR1U1WXE5Ykg5a0dMdzQ2a1VmV3F5Rm9OazNlUDlVUEZWNjVGd3pra1NuKzQ4WDJJeFlwR1I3MEpyY2JQQUt5elZUeDNVOTV5K2dDCmlJZEo3bFlBTTVsQmlGOVE4MVYxOUcwNnB6bG8wUlZaT0NPbGx2QlNka1JyYkF4ZURjUzdrUkRJcVBoekh3SDNYVjlqZi80Y2VYZlEKQlF2YysyMVhGZ080V05ra1lMZXppZWM0MzZHdmorbUZkS1R4Yk5LaUJncW50OVVGZjN4cXRtNWo5ckw3R0NFbTZlZy9HYXVvOFRWTQp4N3NtRklQZGVTa1JkRVcrcVNrT245R3c4WWRzRGNlM0U0Y1V5Z2N6NVo2TGpBUWxjVWFTWlU5amZaTUNBd0VBQVRBTkJna3Foa2lHCjl3MEJBUXNGQUFPQ0FRRUFXVEZqMFV5MENMRm04WHc4d3ZYY0JQN2lObzIxSHEva20rSS9FM251SjA5T3JpRWpjMERicmdGbzd2akkKcUlFOGFhMjNid3lJQWxGWUM2dzZRekxaSHhvRG56S1NRUUhDOTV1RGFvV3F1b1k3WG91L0o5b0IybUMvLy9JeTBNTjh5Y1grNWJ0bgpTNnFkVlZ1V2hPRzBDKzl4OFBiMnVtQzZRVHFwU2dxNFNNZ1dFTnpZRVJ2WkQ4M00xbGc2OWhJWWlUamdrQjFNRUF2Vm1LNDdDNlJYCkF2czJXdU9FZHNVdzNYOE9BUi84eE1paWprd2cwcnlPd0xsTjc0R2RqYUxFZ1lOTzNLanYzYjhId1JSSjF3ZHpMWVdLQWlxV29Ud2kKV3BjWXMrZW1ZT3FWUjUyc0dTRmJ0K25hM1UrRWV0bVUrT2tCdU44SHFyWFRWOXpBZmUxN0hnPT08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbDI6U3ViamVjdCB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI&#x2b;PHNhbWwyOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OnVuc3BlY2lmaWVkIj5xYUBzbm93Zmxha2Vjb21wdXRpbmcuY29tPC9zYW1sMjpOYW1lSUQ&#x2b;PHNhbWwyOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDI6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDE5LTA1LTI4VDIxOjM5OjE5LjMyNloiIFJlY2lwaWVudD0iaHR0cDovL3Rlc3RhY2NvdW50LnNub3dmbGFrZWNvbXB1dGluZy5jb206ODA4Mi9mZWQvbG9naW4iLz48L3NhbWwyOlN1YmplY3RDb25maXJtYXRpb24&#x2b;PC9zYW1sMjpTdWJqZWN0PjxzYW1sMjpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxOS0wNS0yOFQyMToyOToxOS4zMjZaIiBOb3RPbk9yQWZ0ZXI9IjIwMTktMDUtMjhUMjE6Mzk6MTkuMzI2WiIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjxzYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sMjpBdWRpZW5jZT5odHRwOi8vdGVzdGFjY291bnQuc25vd2ZsYWtlY29tcHV0aW5nLmNvbTo4MDgyL2ZlZC9sb2dpbjwvc2FtbDI6QXVkaWVuY2U&#x2b;PC9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDI6Q29uZGl0aW9ucz48c2FtbDI6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE5LTA1LTI4VDIxOjM0OjE5LjMyNloiIFNlc3Npb25JbmRleD0iaWQxNTU5MDc5MjU5MzI2LjQ0NjkwMzY4OCIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjxzYW1sMjpBdXRobkNvbnRleHQ&#x2b;PHNhbWwyOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0PC9zYW1sMjpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWwyOkF1dGhuQ29udGV4dD48L3NhbWwyOkF1dGhuU3RhdGVtZW50Pjwvc2FtbDI6QXNzZXJ0aW9uPjwvc2FtbDJwOlJlc3BvbnNlPg&#x3d;&#x3d;\"/>\n    <input name=\"RelayState\" type=\"hidden\" value=\"&#x2f;some&#x2f;deep&#x2f;link\"/>\n</form>\n\n<script src=\"https://ok3static.oktacdn.com/assets/js/app/sso/interstitial.474dce61acfac4a4d016921943cf2a68.js\" crossorigin=\"anonymous\" integrity=\"sha384-rIRjIHrr5XnyB1DG8t+uL1F3e5asM+gYMial0fj56hCWADEBdp3BiwtOAnNpU7Zc\" type=\"text/javascript\"></script></div>\n<!-- close #container -->\n</body>\n</html>\n");
-
+        StringContent correctPostbackContent = new StringContent("<form action=\"https://test.okta.com/\"");
         const int MaxRetryCount = 15;
         const int MaxRetryTimeout = 400;
 
@@ -80,6 +82,49 @@ public void TestWrongPostbackUrl()
             }
         }
 
+        [Test]
+        public void TestCorrectPostbackUrl()
+        {
+            try
+            {
+                var restRequester = new Mock.MockOktaRestRequester()
+                {
+                    TokenUrl = "https://test.okta.com/api/v1/sessions?additionalFields=cookieToken",
+                    SSOUrl = "https://test.okta.com/app/snowflake_testaccountdev_1/blah/sso/saml",
+                    ResponseContent = correctPostbackContent,
+                    MaxRetryCount = MaxRetryCount,
+                    MaxRetryTimeout = MaxRetryTimeout
+                };
+                var sfSession = new SFSession("account=test;user=test;password=test;authenticator=https://test.okta.com;host=test.okta.com", null, restRequester);
+                sfSession.Open();
+            } catch (SnowflakeDbException e)
+            {
+                Assert.Fail("Should pass without exception", e);
+            }
+        }
+
+        [Test]
+        public void TestCorrectPostbackUrlAsync()
+        {
+            try
+            {
+                var restRequester = new Mock.MockOktaRestRequester()
+                {
+                    TokenUrl = "https://test.okta.com/api/v1/sessions?additionalFields=cookieToken",
+                    SSOUrl = "https://test.okta.com/app/snowflake_testaccountdev_1/blah/sso/saml",
+                    ResponseContent = correctPostbackContent,
+                    MaxRetryCount = MaxRetryCount,
+                    MaxRetryTimeout = MaxRetryTimeout
+                };
+                var sfSession = new SFSession("account=test;user=test;password=test;authenticator=https://test.okta.com;host=test.okta.com", null, restRequester);
+                Task connectTask = sfSession.OpenAsync(CancellationToken.None);
+                connectTask.Wait();
+            } catch (SnowflakeDbException e)
+            {
+                Assert.Fail("Should pass without exception", e);
+            }
+        }
+
         [Test]
         public void TestLoginRequestToString()
         {
diff --git a/Snowflake.Data/Core/Authenticator/OktaAuthenticator.cs b/Snowflake.Data/Core/Authenticator/OktaAuthenticator.cs
index be04ceab7..dae821878 100644
--- a/Snowflake.Data/Core/Authenticator/OktaAuthenticator.cs
+++ b/Snowflake.Data/Core/Authenticator/OktaAuthenticator.cs
@@ -88,7 +88,7 @@ async Task IAuthenticator.AuthenticateAsync(CancellationToken cancellationToken)
 
                     logger.Debug("step 6: send SAML reponse to snowflake to login");
                     await base.LoginAsync(cancellationToken).ConfigureAwait(false);
-                    break;
+                    return;
                 }
                 catch (Exception ex)
                 {
@@ -155,7 +155,7 @@ void IAuthenticator.Authenticate()
 
                     logger.Debug("step 6: send SAML reponse to snowflake to login");
                     base.Login();
-                    break;
+                    return;
                 }
                 catch(Exception ex)
                 {

From 0088e617ca28c586f487560c4942fd814e1a90e6 Mon Sep 17 00:00:00 2001
From: sfc-gh-ext-simba-lf <lfarol@magnitude.com>
Date: Fri, 9 Feb 2024 16:12:16 -0800
Subject: [PATCH 7/7] SNOW-916949: Make log level match other log messages

---
 Snowflake.Data/Core/Authenticator/OktaAuthenticator.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Snowflake.Data/Core/Authenticator/OktaAuthenticator.cs b/Snowflake.Data/Core/Authenticator/OktaAuthenticator.cs
index dae821878..6e258af5b 100644
--- a/Snowflake.Data/Core/Authenticator/OktaAuthenticator.cs
+++ b/Snowflake.Data/Core/Authenticator/OktaAuthenticator.cs
@@ -95,7 +95,7 @@ async Task IAuthenticator.AuthenticateAsync(CancellationToken cancellationToken)
                     lastRetryException = ex;
                     if (IsPostbackUrlNotFound(lastRetryException))
                     {
-                        logger.Info("Refreshing token for Okta re-authentication and starting from step 3 again");
+                        logger.Debug("Refreshing token for Okta re-authentication and starting from step 3 again");
 
                         // Get the current retry count and timeout elapsed from the response headers
                         retryCount += int.Parse(samlRawResponse.Content.Headers.GetValues(RetryCountHeader).First());