Troubleshooting
Problem
Authenticating to a Maximo Mobile for EAM environment that uses SAML authentication fails to load the SSO login page, which results in an UNAUTHENTICATED error in the WebSphere console logs.
Symptom
The application fails to redirect to the identity provider when the request is intercepted and instead proceeds to the regular Maximo Mobile login page. Entering your user name and password on that screen results in an on-screen login failure and the following error in the WebSphere SystemOut.log file:
SECJ0053E: Authorization failed for /UNAUTHENTICATED while invoking (Bean)MAXIMO#mboejb.jar#accesstokenprovider getAccessToken::3 is not granted any of the required roles: maximouser
Cause
This occurs when the SAML configuration on WebSphere is missing the sso_1.sp.login.error.page property from the interceptor. Without this property, the mobile application does not know where to redirect an initial unauthenticated request to Maximo.
Resolving The Problem
To resolve the issue, perform the following steps.
- Log in to WebSphere, expand Security, and select Security Domains.
- Select the domain for your SAML configuration.
- Expand Trust Association and select Interceptors.
- Select com.ibm.ws.security.web.saml.ACSTrustAssociationInterceptor.
- Add the property sso_1.sp.login.error.page and point it to your IDP application login page, for example https://mobileadfs.local/adfs/ls/IdpInitiatedSignOn.htm?loginToRP=https://maximomobile.local/samlsps/acs
- Save your changes to the configuration and synchronize the node.
Once complete, you are redirected to your IDP login page and can authenticate to Maximo Mobile by using SAML authentication.
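To confirm the change before retesting from a device, the following added example (not IBM code) checks a list of interceptor custom properties for the sso_<id>.sp.login.error.page entry. It assumes the properties were copied out of the console as name=value lines; the function names, the sample data, and the requirement that the page be an absolute https URL are assumptions of this example.

```python
import re
from urllib.parse import urlparse

PROP = "sp.login.error.page"
KEY_RE = re.compile(r"^sso_(\d+)\.(.+)$")  # sso_<id>.<property name>

def parse_props(text):
    """Parse name=value lines (assumed export format) into a dict."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            # Split on the first '=' only: the URL value has its own '='.
            name, value = line.split("=", 1)
            props[name.strip()] = value.strip()
    return props

def check_login_error_page(props):
    """Return findings; an empty list means every SSO partner has the property."""
    findings, partners = [], {}
    for name, value in props.items():
        m = KEY_RE.match(name)
        if m:
            partners.setdefault(m.group(1), {})[m.group(2)] = value
        elif name.startswith("sso_"):
            # A mistyped key is ignored by the interceptor, so report it.
            findings.append("malformed key (expected sso_<id>.<name>): " + name)
    for sso_id, p in sorted(partners.items()):
        url = p.get(PROP)
        if url is None:
            findings.append("sso_%s: %s is not set" % (sso_id, PROP))
        elif urlparse(url).scheme != "https" or not urlparse(url).netloc:
            findings.append("sso_%s: %s is not an absolute https URL" % (sso_id, PROP))
    return findings

# Constructed sample data, built from the example URLs in the steps above.
IDP_URL = ("https://mobileadfs.local/adfs/ls/IdpInitiatedSignOn.htm"
           "?loginToRP=https://maximomobile.local/samlsps/acs")
ACS = "sso_1.sp.acsUrl=https://maximomobile.local/samlsps/acs\n"
BROKEN = ACS + "sso_1_sp.login.error.page=" + IDP_URL + "\n"  # mistyped key
FIXED = ACS + "sso_1.sp.login.error.page=" + IDP_URL + "\n"

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_login_error_page(parse_props(text)) or "OK")
```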
Document Location
Worldwide
Document Information
Modified date:
29 May 2023
UID
ibm16999147