Article ID: KB0076616
Description
With OpenID authentication enabled and Okta as the Identity Provider, we may see the following message when we browse to the Spotfire Server URL:
You must accept the request for permissions to log in to TIBCO Spotfire
When we review the server.log file on TIBCO Spotfire Server that has DEBUG logging enabled, we can see the following set of lines:
DEBUG 2019-11-22T09:38:58,781-0800 [unknown, #7, #92] server.security.SessionUtil: Session created.
DEBUG 2019-11-22T09:38:59,078-0800 [unknown, #7, #92] server.security.SessionUtil: Invalidating the session
DEBUG 2019-11-22T09:38:59,627-0800 [unknown, #6, #93] server.security.AuthenticationManager: Attempting authentication using the OpenID Connect authenticator
DEBUG 2019-11-22T09:38:59,627-0800 [unknown, #6, #93] auth.oidc.OidcAuthenticator: An error response was returned from the authorization endpoint (access_denied)
DEBUG 2019-11-22T09:38:59,627-0800 [unknown, #6, #93] server.security.SecurityFilter: User authentication failed
Issue/Introduction
OpenID authentication to Okta fails with the following message: "You must accept the request for permissions to log in to TIBCO Spotfire"
Resolution
Authentication fails because the application (Spotfire in this case) has to be authorized on the Okta Portal.
Also make sure to follow step #10 of the KBA "How to configure OpenID connect authentication with Okta on the TIBCO Spotfire Server" to set up permissions for the relevant Spotfire users who are to be authenticated via Okta.
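To spot this failure in a larger server.log, the following added example (not TIBCO's code) extracts OpenID Connect authorization-endpoint errors and pairs each with the "User authentication failed" line that shares its bracketed context. The line layout is inferred from the log excerpt above; treating the bracketed fields as a correlation key, and the names `find_oidc_failures`, `HINTS` and `SAMPLE_LOG`, are assumptions of this example.

```python
import re

# Layout of the server.log lines quoted in this article:
# LEVEL TIMESTAMP [context] logger: message
LINE_RE = re.compile(
    r"^(?P<level>[A-Z]+)\s+(?P<ts>\S+)\s+\[(?P<ctx>[^\]]*)\]\s+"
    r"(?P<logger>[\w.]+):\s+(?P<msg>.*)$"
)
OIDC_ERR_RE = re.compile(
    r"error response was returned from the authorization endpoint \((?P<code>[^)]+)\)"
)
# Hint text summarizes this article's Resolution section (assumed wording).
HINTS = {"access_denied": "authorize Spotfire in Okta and set up user permissions (KBA step #10)"}

# Constructed sample input: the five log lines quoted in this article.
SAMPLE_LOG = """\
DEBUG 2019-11-22T09:38:58,781-0800 [unknown, #7, #92] server.security.SessionUtil: Session created.
DEBUG 2019-11-22T09:38:59,078-0800 [unknown, #7, #92] server.security.SessionUtil: Invalidating the session
DEBUG 2019-11-22T09:38:59,627-0800 [unknown, #6, #93] server.security.AuthenticationManager: Attempting authentication using the OpenID Connect authenticator
DEBUG 2019-11-22T09:38:59,627-0800 [unknown, #6, #93] auth.oidc.OidcAuthenticator: An error response was returned from the authorization endpoint (access_denied)
DEBUG 2019-11-22T09:38:59,627-0800 [unknown, #6, #93] server.security.SecurityFilter: User authentication failed
"""

def find_oidc_failures(log_text):
    """Return one record per OIDC authorization-endpoint error in the log."""
    open_by_ctx, failures = {}, []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip continuation lines such as stack traces
        ctx, msg = m["ctx"], m["msg"]
        err = OIDC_ERR_RE.search(msg)
        if err and m["logger"].endswith("OidcAuthenticator"):
            rec = {"timestamp": m["ts"], "context": ctx, "error": err["code"],
                   "auth_failed": False, "hint": HINTS.get(err["code"], "see IdP logs")}
            open_by_ctx[ctx] = rec
            failures.append(rec)
        elif msg.startswith("User authentication failed") and ctx in open_by_ctx:
            # Same bracketed context: the error led to this login failure.
            open_by_ctx.pop(ctx)["auth_failed"] = True
    return failures

if __name__ == "__main__":
    for f in find_oidc_failures(SAMPLE_LOG):
        print(f"{f['timestamp']} [{f['context']}] {f['error']} "
              f"failed={f['auth_failed']} -> {f['hint']}")
```

These lines are written only when DEBUG logging is enabled on the Spotfire Server, as noted above.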
Additional Information
KBA: How to configure OpenID connect authentication with Okta on the TIBCO Spotfire Server (Refer step #10)