IBM Support

Scheduled reports fail in Cognos Analytics configured with Microsoft Azure Authentication

Troubleshooting


Problem

Scheduled reports fail in Cognos Analytics with the following exception:
CM-REQ-4342 An error occurred with the client.</messageString></message><message><messageString>CM-REQ-4159 Content Manager returned an error in the response header. The error &quot;cmAuthenticateFailed CM-CAM-4005 Unable to authenticate. Check your security directory server connection and confirm the credentials entered at login.&quot; can be found in the response SOAP header.</messageString></message></messages>
 
Cognos Analytics is configurated with Azure authentication and scheduling strategy is set to Refresh Token

Symptom

Enabiling OIDC trace produces the following entries in the cognoserver.log
     NA        IBM Cognos    7364    Call to IdP failed to get identity. Status 401
     NA        IBM Cognos    7364    all to IdP failed to get identity. Body: {"error":{"code":"InvalidAuthenticationToken","message":"CompactToken parsing failed with error code: 80049217","innerError":{"date":"2023-xx-xxT1:48:00","request-id":"XXXXXXXXXXXX","client-request-id":"XXXXXXXXXXXXX"}}}
    Exception when calling IdP for document https://graph.microsoft.com/v1.0/groups/getByIds Reason: com.cognos.CAM_AAA.authentication.UnrecoverableException

Cause

The user must include the offline_access scope when requesting a Refresh Token. In this particular scenario, the scope for offline_access was missing under the 'Scope for authorize endpoint' provided on the Cognos configuration

Diagnosing The Problem

The issue affects only reports which are scheduled in Cognos.

Resolving The Problem

Ensure the following scope offline_access is added to the 'Scope of authorize endpoint'
ScopeAzure

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTSF6","label":"IBM Cognos Analytics"},"ARM Category":[{"code":"a8m50000000Cl6OAAS","label":"Security-\u003EAuthentication\/SSO"}],"ARM Case Number":"TS011862871","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
20 January 2023

UID

ibm16856755

Page Feedback