Troubleshooting
Problem
An OIDC (OpenID Connect) authentication provider using OKTA is configured with Cognos Analytics 11.1.7. But when users try to connect using this namespace, they get an "Invalid Login Response" error and the login fails.
Cause
The Return URL is case-sensitive on the JSP class name. A URL in this format https://<cognos-server.com>/ibmcognos/bi/completeauth.jsp was used instead of
https://<cognos-server.com>/ibmcognos/bi/completeAuth.jsp
Diagnosing The Problem
Enabling the OIDC traces (https://www.ibm.com/support/pages/how-run-oidc-open-id-connect-trace-cognos-analytics) will show errors like:
2021-12-07T12:30:12.321+0000 DEBUG com.ibm.cognos.camaaa.internal.OIDC.provider.OIDCAuthProvider [Default Executor-thread-2122] MM8dd84jsGsqsv4Gq9jyjww8h49jvCwGGhyMj9Gy Cv4sh2lwMdG4qvjsMlw8wGwGd8yMMwvCwd4ss2C CyCqv4hdlvG4vvq4hlsls9js9ylyhC9vj49y2C8q NA 10.X.X.X 64260 NA IBM Cognos 13208 Code not found... about to redirect
And enabling Fiddler traces (https://www.ibm.com/support/pages/how-perform-fiddler-trace-capture-network-traffic-0) will show HTTP 404 (Not Found) like:
# Result Protocol Host URL Body Caching Content-Type Process Comments Custom
373 404 HTTPS <cognos-server.com> /ibmcognos/bi/completeauth.jsp?code=XXXXX
Resolving The Problem
Use a Return URL in this format https://<cognos-server.com>/ibmcognos/bi/completeAuth.jsp by ensuring that the JSP class name is : completeAuth.jsp with the A in capital letter.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTSF6","label":"IBM Cognos Analytics"},"ARM Category":[{"code":"a8m50000000Cl6OAAS","label":"Installation and Configuration-\u003EAuthentication"}],"ARM Case Number":"TS007747715","Platform":[{"code":"PF033","label":"Windows"}],"Version":"11.1.7"}]
Was this topic helpful?
Document Information
Modified date:
30 December 2021
UID
ibm16537616