IBM Support

UNAUTHENTICATED error during login to Maximo Mobile for EAM using SAML

Troubleshooting


Problem

Authenticating to a Maximo Mobile for EAM environment that uses SAML authentication fails to load the SSO login page, which results in a UNAUTHENTICATED error that shows in the WebSphere console logs.

Symptom

The application fails to redirect to the identity provider when the request is intercepted and proceeds to the regular Maximo Mobile login page.  Attempting to enter your user name and password into the screen results in a login failure on screen and the following error in the WebSphere SystemOut.log file.
 SECJ0053E: Authorization failed for /UNAUTHENTICATED while invoking (Bean)MAXIMO#mboejb.jar#accesstokenprovider
 getAccessToken::3 is not granted any of the required roles: maximouser 

Cause

This occurs when the SAML configuration on WebSphere is missing the sso_1_sp.login.error.page property from the interceptor.  With the property missing, the mobile application doesn't know where to redirect to when initially attempting to access Maximo unauthenticated. 

Resolving The Problem

To resolve the issue, perform the following steps.
  1. Log into WebSphere and expand Security and select Security Domains.
  2. Select the domain for your SAML configuration.
  3. Expand Trust Association and select Interceptors.
  4. Select com.ibm.ws.security.web.saml.ACSTrustAssociationInterceptor
  5. Add the property  sso_1.sp.login.error.page and point it to your IDP application login page
    • e.g https://mobileadfs.local/adfs/ls/IdpInitiatedSignOn.htm?loginToRP=https://maximomobile.local/samlsps/acs
  6. Save your changes to the configuration and synchronize the node.
Once complete you will redirect to your IDP login page and authenticate to Maximo Mobile that uses SAML authentication.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRHPA","label":"IBM Maximo Application Suite"},"ARM Category":[{"code":"a8m3p000000hAgaAAE","label":"Maximo Application Suite-\u003EMAS Applications-\u003EMobile"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
29 May 2023

UID

ibm16999147

Page Feedback