mirror of
https://github.com/open-metadata/OpenMetadata.git
synced 2025-10-24 07:14:48 +00:00
22 lines
1.8 KiB
Markdown
22 lines
1.8 KiB
Markdown
---
|
|
title: Toubleshooting Okta SSO
|
|
slug: /deployment/security/okta/troubleshoot
|
|
---
|
|
|
|
# Troubleshooting Okta SSO
|
|
|
|
### Troubleshooting Ingesion with Okta SSO via CLI or Ariflow
|
|
|
|
- **AuthenticationException**: During metadata ingestion process if you face the see the error `AuthenticationException` with message `Could not fetch the access token please validate the orgURL & clientId in configuration`, One of the possible reason for this error could be that you are passing incorrect `clientId` in the `securityConfig`, Make sure you are passing `clientId` of the Ingestion Client (i.e the service application) and not the Single Page Application. If the `clientId` provided is correct and you are still facing this error then please also validate the `orgURL`, expected value for `orgURL` field is `<ISSUER-URL>/v1/token`
|
|
|
|
- **RSA key format is not supported**: If you are getting the error as `RSA key format is not supported`, this might be due to incorrect `privateKey` passed in the `securityConfig` configuration for ingestion. The `privateKey` field refers to the `public/private keypair` please refer to step 1 of `Creating Service Application`. A sample configuration for `privateKey` looks like as follows:
|
|
```
|
|
securityConfig:
|
|
clientId: <Ingestion Client ID>
|
|
orgURL: <Issuer URL>/v1/token
|
|
privateKey: '{ "p": "<value>", "kty": "RSA", "q": "<value>", "d": "<value>", "e": "AQAB", "use": "sig", "kid": "<value>", "qi": "<value>", "dp": "<value>", "alg": "RS256", "dq": "<value>", "n": "<value>" }'
|
|
email: <email>
|
|
```
|
|
|
|
- **User instance not found**: If you are getting an error as `user instance for <client id> not found`, this is because you might not have added Ingestion Okta Service Application clientId in principles. Please refer to the configuration for your deployment.
|