6ca1ec6fbe
* Delete old docs and rename the openmetadata-docs-v1 to openmetadata-docs * Delete old docs and rename the openmetadata-docs-v1 to openmetadata-docs * Delete old docs and rename the openmetadata-docs-v1 to openmetadata-docs
1.8 KiB
| title | slug |
|---|---|
| Toubleshooting Okta SSO | /deployment/security/okta/troubleshoot |
Troubleshooting Okta SSO
Troubleshooting Ingesion with Okta SSO via CLI or Ariflow
-
AuthenticationException: During metadata ingestion process if you face the see the error
AuthenticationExceptionwith messageCould not fetch the access token please validate the orgURL & clientId in configuration, One of the possible reason for this error could be that you are passing incorrectclientIdin thesecurityConfig, Make sure you are passingclientIdof the Ingestion Client (i.e the service application) and not the Single Page Application. If theclientIdprovided is correct and you are still facing this error then please also validate theorgURL, expected value fororgURLfield is<ISSUER-URL>/v1/token -
RSA key format is not supported: If you are getting the error as
RSA key format is not supported, this might be due to incorrectprivateKeypassed in thesecurityConfigconfiguration for ingestion. TheprivateKeyfield refers to thepublic/private keypairplease refer to step 1 ofCreating Service Application. A sample configuration forprivateKeylooks like as follows:
securityConfig:
clientId: <Ingestion Client ID>
orgURL: <Issuer URL>/v1/token
privateKey: '{ "p": "<value>", "kty": "RSA", "q": "<value>", "d": "<value>", "e": "AQAB", "use": "sig", "kid": "<value>", "qi": "<value>", "dp": "<value>", "alg": "RS256", "dq": "<value>", "n": "<value>" }'
email: <email>
- User instance not found: If you are getting an error as
user instance for <client id> not found, this is because you might not have added Ingestion Okta Service Application clientId in principles. Please refer to the configuration for your deployment.