OpenID authentication to Okta fails with the following message: "You must accept the request for permissions to log in to TIBCO Spotfire"
Article ID: KB0076616
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | 7.8 or higher |
Description
With OpenID authentication enabled and the Identity Provider is Okta, we may see the following message when we browse the Spotfire Server URL:
You must accept the request for permissions to log in to TIBCO Spotfire
When we review the server.log file on TIBCO Spotfire Server that has DEBUG logging enabled, we can see the following set of lines:
DEBUG 2019-11-22T09:38:58,781-0800 [unknown, #7, #92] server.security.SessionUtil: Session created.
DEBUG 2019-11-22T09:38:59,078-0800 [unknown, #7, #92] server.security.SessionUtil: Invalidating the session
DEBUG 2019-11-22T09:38:59,627-0800 [unknown, #6, #93] server.security.AuthenticationManager: Attempting authentication using the OpenID Connect authenticator
DEBUG 2019-11-22T09:38:59,627-0800 [unknown, #6, #93] auth.oidc.OidcAuthenticator: An error response was returned from the authorization endpoint (access_denied)
DEBUG 2019-11-22T09:38:59,627-0800 [unknown, #6, #93] server.security.SecurityFilter: User authentication failed
Resolution
Also please make sure to follow Step # 10 of the following KBA How to configure OpenID connect authentication with Okta on the TIBCO Spotfire Server to setup permissions for relevant Spotfire users who are to be authenticated via Okta.
Issue/Introduction
Additional Information
Feedback
