Product: TIBCO Spotfire®
OpenID authentication to Okta fails with the following message: "You must accept the request for permissions to log in to TIBCO Spotfire"
With OpenID authentication enabled and the Identity Provider is Okta, we may see the following message when we browse the Spotfire Server URL:
You must accept the request for permissions to log in to TIBCO Spotfire
When we review the server.log file on TIBCO Spotfire Server that has DEBUG logging enabled, we can see the following set of lines:
DEBUG 2019-11-22T09:38:58,781-0800 [unknown, #7, #92] server.security.SessionUtil: Session created.
DEBUG 2019-11-22T09:38:59,078-0800 [unknown, #7, #92] server.security.SessionUtil: Invalidating the session
DEBUG 2019-11-22T09:38:59,627-0800 [unknown, #6, #93] server.security.AuthenticationManager: Attempting authentication using the OpenID Connect authenticator
DEBUG 2019-11-22T09:38:59,627-0800 [unknown, #6, #93] auth.oidc.OidcAuthenticator: An error response was returned from the authorization endpoint (access_denied)
DEBUG 2019-11-22T09:38:59,627-0800 [unknown, #6, #93] server.security.SecurityFilter: User authentication failed
The reason for the authentication to fail is that the application (Spotfire in this case) has to be authorized on the Okta Portal.
Also please make sure to follow Step # 10 of the following KBA How to configure OpenID connect authentication with Okta on the TIBCO Spotfire Server to setup permissions for relevant Spotfire users who are to be authenticated via Okta.
KBA: How to configure OpenID connect authentication with Okta on the TIBCO Spotfire Server (Refer step #10)
Comments
0 comments
Article is closed for comments.