PowerProtect Data Manager - Reconfiguring OKTA SSO after upgrade
Summary: OKTA SSO is not working after PowerProtect Data Manager Update from 19.13 to 19.14. Hotfix is applied to PowerProtect Data Manager 19.13 as (PPDMESC-3304)
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
aaa.log:
./aaa.2023-08-23.0.log.gz:org.springframework.security.oauth2.jwt.JwtException: An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching keys found
Cause
The Error in aaa.log:
2023-08-24T07:39:26.964Z ERROR [] [https-jsse-nio-9090-exec-1] [][][][TRACE_ID:97d2704ca1652f50][] [c.e.b.a.s.s.DefaultSsoService.lambda$1(71)] - SSO login issue: {}
org.springframework.security.oauth2.jwt.JwtException: An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching keys found
It means that AAA is expecting HS256 which is its default, but OKTA always returns an RS256 signature.
Resolution
- Log in to PowerProtect Data Manager ssh
cd /usr/local/brs/lib/aaa/configvim application-sso.properties- Check if the variable aaa.sso.client.alg=RS256, if not then change from HS256 to RS256.
- Exit from vim (:wq!)
- aaa restart
Article Properties
Article Number: 000218197
Article Type: Solution
Last Modified: 18 Mar 2025
Version: 1
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.