Troubleshooting
Problem
Scheduled reports fail in Cognos Analytics with the following exception:
CM-REQ-4342 An error occurred with the client.</messageString></message><message><messageString>CM-REQ-4159 Content Manager returned an error in the response header. The error "cmAuthenticateFailed CM-CAM-4005 Unable to authenticate. Check your security directory server connection and confirm the credentials entered at login." can be found in the response SOAP header.</messageString></message></messages>
Cognos Analytics is configurated with Azure authentication and scheduling strategy is set to Refresh Token
Symptom
Enabiling OIDC trace produces the following entries in the cognoserver.log
NA IBM Cognos 7364 Call to IdP failed to get identity. Status 401
NA IBM Cognos 7364 all to IdP failed to get identity. Body: {"error":{"code":"InvalidAuthenticationToken","message":"CompactToken parsing failed with error code: 80049217","innerError":{"date":"2023-xx-xxT1:48:00","request-id":"XXXXXXXXXXXX","client-request-id":"XXXXXXXXXXXXX"}}}
Exception when calling IdP for document https://graph.microsoft.com/v1.0/groups/getByIds Reason: com.cognos.CAM_AAA.authentication.UnrecoverableException
Exception when calling IdP for document https://graph.microsoft.com/v1.0/groups/getByIds Reason: com.cognos.CAM_AAA.authentication.UnrecoverableException
Cause
The user must include the offline_access scope when requesting a Refresh Token. In this particular scenario, the scope for offline_access was missing under the 'Scope for authorize endpoint' provided on the Cognos configuration
Diagnosing The Problem
The issue affects only reports which are scheduled in Cognos.
Resolving The Problem
Ensure the following scope offline_access is added to the 'Scope of authorize endpoint'
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTSF6","label":"IBM Cognos Analytics"},"ARM Category":[{"code":"a8m50000000Cl6OAAS","label":"Security-\u003EAuthentication\/SSO"}],"ARM Case Number":"TS011862871","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
20 January 2023
UID
ibm16856755