Product: TIBCO Spotfire®
OpenID Authentication with Okta fails with the following error "server.security.PostAuthenticationFilterImpl: Denying access, the user principal '00ufmbrudiNN2JRUR0h7@https://dev-864840.oktapreview.com' cannot be found in the User Directory"
With OpenID authentication configured against Okta, connecting to the Spotfire Server URL redirects you to Okta to provide a username and password. Authentication then fails, and the UI displays the message "Could not login. Verify the server details or contact your administrator." together with a "Go to login page" button.
The following error is seen in server.log:
DEBUG 2017-02-08T16:27:45,197-0600 [unknown, #1462, #14734] server.security.AuthenticationManager: Attempting authentication using the OpenID Connect authenticator
DEBUG 2017-02-08T16:27:45,587-0600 [unknown, #1462, #14734] auth.oidc.TokenEndpointResponse: Performing full ID token validation (including signature verification)
DEBUG 2017-02-08T16:27:45,587-0600 [unknown, #1462, #14734] auth.oidc.OidcAuthenticator: Successfully authenticated the user against the OpenID Connect provider 'Okta' as '00ufmbrudiNN2JRUR0h7@https://dev-864840.oktapreview.com' (Jakobs, Jef)
DEBUG 2017-02-08T16:27:45,587-0600 [unknown, #1462, #14734] server.userdir.UserDirectoryImpl: Checking if the user principal 00ufmbrudiNN2JRUR0h7@https://dev-864840.oktapreview.com has been recently added to the external provider
DEBUG 2017-02-08T16:27:45,587-0600 [unknown, #1462, #14734] server.userdir.UserDirectoryImpl: The user principal 00ufmbrudiNN2JRUR0h7@https://dev-864840.oktapreview.com has not been recently added to the external provider
INFO 2017-02-08T16:27:45,587-0600 [unknown, #1462, #14734] server.security.PostAuthenticationFilterImpl: Denying access, the user principal '00ufmbrudiNN2JRUR0h7@https://dev-864840.oktapreview.com' cannot be found in the User Directory
ERROR 2017-02-08T16:27:45,587-0600 [unknown, #1462, #14734] server.security.SecurityFilter: Internal error when authenticating user
com.spotfire.server.security.UnauthenticatedException
	at com.spotfire.server.security.AuthenticationManager.authenticateNonAnonymously(AuthenticationManager.java:332)
According to the logs, OpenID Connect has been set up successfully towards Okta: the user is authenticated against the provider. What remains is to make sure that the authenticated users exist in the Spotfire database. To resolve the above error, set "Post Authentication filter" to "Auto-Create" so that Spotfire can automatically create the users in the database. By default, "Post Authentication filter" is set to "Block".
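The log pattern above (provider login succeeds, then the post-authentication filter denies the principal) can be picked out of server.log with a short script. This is an added example, not TIBCO code; it assumes the bracketed `[user, #id, #id]` field identifies one request and can be used as the correlation key, and the function name and sample lines are constructed for illustration.

```python
import re

# Layout of the server.log lines quoted above:
#   LEVEL TIMESTAMP [user, #id, #id] logger: message
LINE = re.compile(r"^[A-Z]+\s+(?P<ts>\S+)\s+\[(?P<ctx>[^\]]*)\]\s+(?P<logger>[\w.]+):\s+(?P<msg>.*)$")
OIDC_OK = re.compile(r"Successfully authenticated the user against the OpenID Connect "
                     r"provider '(?P<idp>[^']+)' as '(?P<principal>[^']+)'")
DENIED = re.compile(r"Denying access, the user principal '(?P<principal>[^']+)' "
                    r"cannot be found in the User Directory")

def find_denied_principals(lines):
    """Correlate provider success with post-authentication denial per log context."""
    idp_ok = {}  # (context, principal) -> provider name
    findings = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # stack-trace continuation or unrelated text
        ctx, logger, msg = m["ctx"], m["logger"], m["msg"]
        if logger.endswith("OidcAuthenticator") and (hit := OIDC_OK.search(msg)):
            idp_ok[(ctx, hit["principal"])] = hit["idp"]
        elif logger.endswith("PostAuthenticationFilterImpl") and (hit := DENIED.search(msg)):
            provider = idp_ok.pop((ctx, hit["principal"]), None)
            findings.append({
                "principal": hit["principal"],
                "provider": provider,
                "denied_at": m["ts"],
                # Provider known: the login worked and only the account is missing.
                "cause": "idp_ok_user_not_in_directory" if provider
                         else "denied_without_idp_success",
            })
    return findings

# Constructed sample lines modelled on the format above (not real log data).
SAMPLE_LOG = [
    "DEBUG 2024-01-01T10:00:00,100+0000 [unknown, #11, #101] auth.oidc.OidcAuthenticator: Successfully authenticated the user against the OpenID Connect provider 'ExampleIdP' as 'id-alice@https://idp.example.test' (Alice Example)",
    "INFO 2024-01-01T10:00:00,120+0000 [unknown, #11, #101] server.security.PostAuthenticationFilterImpl: Denying access, the user principal 'id-alice@https://idp.example.test' cannot be found in the User Directory",
    "ERROR 2024-01-01T10:00:00,121+0000 [unknown, #11, #101] server.security.SecurityFilter: Internal error when authenticating user",
    "com.spotfire.server.security.UnauthenticatedException",
    "DEBUG 2024-01-01T10:05:00,000+0000 [unknown, #12, #102] auth.oidc.OidcAuthenticator: Successfully authenticated the user against the OpenID Connect provider 'ExampleIdP' as 'id-bob@https://idp.example.test' (Bob Example)",
    "INFO 2024-01-01T10:06:00,000+0000 [unknown, #13, #103] server.security.PostAuthenticationFilterImpl: Denying access, the user principal 'id-carol@https://idp.example.test' cannot be found in the User Directory",
]

if __name__ == "__main__":
    for finding in find_denied_principals(SAMPLE_LOG):
        print(finding)
```

Run while the filter is still set to "Block", the `idp_ok_user_not_in_directory` entries are the principals that "Auto-Create" would add to the Spotfire database on their next login, so the list can be reviewed before the setting is changed.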