Federated Authentication errors (KOTS)
The "Failed to attempt login" error can occur when you log in to the KOTS Admin Console from a browser for the first time. It occurs if you didn't specify the host name and chose to upload custom certificates, or if you specified the host name but the KOTS Admin Console didn't retain it.
To resolve this issue:
If you provided a custom certificate, the KOTS Admin Console uses it. If you provided none, a new self-signed certificate is generated with the host name you specified. The KOTS Admin Console retains the host name.
Review the KOTS Admin pod logs:
Check the name for your KOTS Admin pod:
kubectl get pods -o wide
Check the logs for your KOTS Admin pod:
kubectl logs -f pods/<kotsadm-pod-name>
Review the logs and confirm that the following error appears:
{ "level": "error", "ts": "2022-08-25T18:36:03Z", "msg": "failed to get kotsadm oidc provider: failed to query provider \"https://<your-kots-admin-hostname>:8800/dex\": Get \"https://<your-kots-admin-hostname>:8800/dex/.well-known/openid-configuration\": x509: certificate is valid for kotsadm, kotsadm.default, kotsadm.default.svc, kotsadm.default.svc.cluster, kotsadm.default.svc.cluster.local, not <your-kots-admin-hostname>" }
Restore the ability to configure the TLS certificates:
kubectl -n default annotate secret kotsadm-tls acceptAnonymousUploads=1 --overwrite
Restart the kurl-proxy pod:
kubectl delete pod $(kubectl get pod | grep kurl-proxy | awk '{print $1}')
Open the KOTS Admin Console with this link: http://<your-kots-admin-hostname>:8800/tls
Choose one:
Select Skip & continue if you don't want to provide custom certificates.
Upload the files and select Upload & continue if you want to provide custom certificates.
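To confirm the mismatch from the pod logs without reading the error by eye, the following added example (not part of the KOTS documentation) extracts the rejected host name and the names the certificate covers from the error line shown in the log-review step, then checks whether the host name you intend to use is covered. The host name admin.example.com, the sample log line and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the KOTS documentation.
# SAMPLE_LOG is a constructed line modelled on the error above, with
# admin.example.com standing in for <your-kots-admin-hostname>.
SAMPLE_LOG='{ "level": "error", "ts": "2022-08-25T18:36:03Z", "msg": "failed to get kotsadm oidc provider: failed to query provider \"https://admin.example.com:8800/dex\": Get \"https://admin.example.com:8800/dex/.well-known/openid-configuration\": x509: certificate is valid for kotsadm, kotsadm.default, kotsadm.default.svc, kotsadm.default.svc.cluster, kotsadm.default.svc.cluster.local, not admin.example.com" }'

# Read kotsadm log lines on stdin. For each OIDC provider x509 mismatch,
# print "<rejected-host> <name1,name2,...>"; ignore every other line.
find_cert_mismatch() {
  grep 'failed to get kotsadm oidc provider' |
    sed -n 's/.*x509: certificate is valid for \(.*\), not \([^"]*\)".*/\2 \1/p' |
    sed 's/, /,/g'
}

# Return 0 if host $1 matches one of the comma-separated names in $2,
# exactly or through a single-label wildcard such as *.example.com.
host_covered() {
  _host=$1 _rc=1 _ifs=$IFS
  set -f; IFS=,
  for _name in $2; do
    if [ "$_name" = "$_host" ]; then
      _rc=0
    elif [ "${_name#\*.}" != "$_name" ] && [ "$_host" != "${_host#*.}" ] &&
         [ "${_host#*.}" = "${_name#\*.}" ]; then
      _rc=0
    fi
  done
  IFS=$_ifs; set +f
  return "$_rc"
}

# Read logs on stdin and say whether $1, the host name you intend to use,
# is covered by the certificate that produced each mismatch.
report() {
  find_cert_mismatch | while read -r _rejected _names; do
    if host_covered "$1" "$_names"; then _v=covered; else _v=not-covered; fi
    echo "rejected=$_rejected want=$1 $_v names=$_names"
  done
}

# Against a live pod: kubectl logs pods/<kotsadm-pod-name> | report <host>
printf '%s\n' "$SAMPLE_LOG" | report admin.example.com
```

A `not-covered` result for your intended host name means the certificate still lists only the in-cluster service names, which is the condition the TLS reconfiguration steps above correct.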