Support Questions

I've deployed a secured NiFi cluster on Kubernetes in Azure, and am attempting to configure OIDC against Azure AD for auth. I've created an app registration in AAD and configured the OIDC settings in nifi.properties as follows:

nifi.security.user.oidc.discovery.url=https://login.microsoftonline.com/dvn.onmicrosoft.com/.well-known/openid-configuration
nifi.security.user.oidc.connect.timeout=5 secs
nifi.security.user.oidc.read.timeout=5 secs
nifi.security.user.oidc.client.id=a8d7d98f-588a-4e30-b93c-1730de5512b1
nifi.security.user.oidc.client.secret=*********************************
nifi.security.user.oidc.preferred.jwsalgorithm=

However, the login sequence always fails with:

 Purposed state does not match the stored state. Unable to continue login process.

Can anyone shed some light on what I might be doing wrong? Thanks