PowerProtect Data Manager - 升級後重新設定 OKTA SSO
Summary: PowerProtect Data Manager 從 19.13 更新至 19.14 後,OKTA SSO 無法運作。 修補程式以 (PPDMESC-3304) 的形式套用至 PowerProtect Data Manager 19.13
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
aaa.log:
./aaa.2023-08-23.0.log.gz:org.springframework.security.oauth2.jwt.JwtException: An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching keys found
Cause
aaa.log中的錯誤:
2023-08-24T07:39:26.964Z ERROR [] [https-jsse-nio-9090-exec-1] [][][][TRACE_ID:97d2704ca1652f50][] [c.e.b.a.s.s.DefaultSsoService.lambda$1(71)] - SSO login issue: {}
org.springframework.security.oauth2.jwt.JwtException: An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching keys found
這意味著 AAA 需要 HS256,這是其預設值,但 OKTA 始終返回 RS256 簽名。
Resolution
- 登入 PowerProtect Data Manager ssh
cd /usr/local/brs/lib/aaa/configvim application-sso.properties- 檢查變數 aaa.sso.client.alg=RS256,如果不是,則從 HS256 變更為 RS256。
- 結束 vim (:wq!)
- AAA 重新開機
Article Properties
Article Number: 000218197
Article Type: Solution
Last Modified: 18 Mar 2025
Version: 1
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.