Error after logging in to Data Preparation: "Oops page.... you are not authorized to see this page. Contact your administrator"

Talend Version: 2.1.1 DP
Summary: After using the 6.4.1 Installer, and successfully installing TAC, Amazon Web Services Identity and Access Management (IAM), Data Preparation (DP), and other tools, the Data Prep/IAM login page displayed: "Oops page.... you are not authorized to see this page. Contact your administrator"
Additional Versions:
Product: Data Preparation, IAM, TAC
Component: Connection to Data Prep using IAM
Problem Description

After a successful, fresh installation of Talend 6.4.1 TAC, 2.1.1 DP, and IAM using the Installer, you can access the DP/IAM login page. However, after you enter the correct credentials, authentication seems to occur (you are correctly configured in TAC), but the page displays the error "Oops page.... you are not authorized to see this page. Contact your administrator".

 

You are defined as a Data Prep user in TAC, and have all the possible roles. TAC, DP, and IAM are all installed on the same machine. Their host names can be either long.company.name.corp.org, or company (TAC can be accessed with both).

 

However, host naming is not consistent across the configuration files. In the iam.properties and application.properties files, both the fully qualified domain name (FQDN) and the short hostname are used. The oidc.log shows that TDP was accessed with the URI http://long.company.name.corp.org:9999/signIn.

Problem root cause

The configured redirect_uris in the tdp_client.json file are:

http://company:9999/signIn
http://localhost:9999/signIn
http://127.0.0.1:9999/signIn

 

But not:

http://long.company.name.corp.org:9999/signIn

 

That's why IAM responds with the Oops page: the redirect_uri sent by TDP (computed from the URL used to access TDP) does not match any of the ones configured in the IAM tdp-client.json file.

Solution or Workaround
  1. Add this URI to the redirect_uris list in your tdp-client.json file:

    http://long.company.name.corp.org:9999/signIn

    An example tdp_client.json file might look like this:

    {
     "post_logout_redirect_uris" : [ "http://company:9999", "http://localhost:9999", "http://127.0.0.1:9999" ],
     "grant_types" : [ "authorization_code", "refresh_token", "password" ],
     "scope" : "openid refreshToken",
     "client_secret" : "+1/7vegEOVHeQD9JKmtz8I9s4tgVuRjvidgjijja7efFHro=",
     "redirect_uris" : [ "http://company:9999/signIn", "http://localhost:9999/signIn", "http://127.0.0.1:9999/signIn", "http://long.company.name.corp.org:9999/signIn" ],
     "client_name" : "TDP DataPrep",
     "client_id" : "64xIVPdioWSog"
    }
  2. Restart IAM. This should resolve the issue.
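
To check a client registration against every hostname users reach Data Preparation by, the following added example (not Talend code) lists the redirect_uri values that would be rejected. It assumes TDP builds redirect_uri from the scheme, host and port of the access URL plus /signIn, and that IAM compares by exact string match; the sample JSON is constructed from the pre-fix list above, with placeholder credentials.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the registration before the fix, credentials replaced
# by placeholders.
CLIENT_JSON = """
{
  "redirect_uris": [
    "http://company:9999/signIn",
    "http://localhost:9999/signIn",
    "http://127.0.0.1:9999/signIn"
  ],
  "client_name": "TDP DataPrep",
  "client_id": "EXAMPLE_CLIENT_ID",
  "client_secret": "EXAMPLE_SECRET"
}
"""


def expected_redirect_uri(access_url, callback_path="/signIn"):
    """Assumption: TDP derives redirect_uri from the scheme, host and port
    of the URL the browser used, followed by the /signIn callback path."""
    parts = urlsplit(access_url)
    return f"{parts.scheme}://{parts.netloc}{callback_path}"


def missing_redirect_uris(client_json, access_urls):
    """Return the redirect_uris that are not registered, using exact string
    comparison: a short hostname and its FQDN are different values even when
    they resolve to the same machine."""
    registered = set(json.loads(client_json)["redirect_uris"])
    wanted = [expected_redirect_uri(url) for url in access_urls]
    # dict.fromkeys removes duplicates while keeping the input order
    return [uri for uri in dict.fromkeys(wanted) if uri not in registered]


if __name__ == "__main__":
    # Every URL form users type to reach Data Preparation on this host
    urls = [
        "http://company:9999/",
        "http://long.company.name.corp.org:9999/",
    ]
    for uri in missing_redirect_uris(CLIENT_JSON, urls):
        print("not registered in redirect_uris:", uri)
```

An empty result for all access URLs means every hostname form in use has a matching registered entry.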
JIRA ticket number: TINSTL-1239
Version history
Revision #: 4 of 4
Last update: 05-10-2018 12:23 PM