IBM Support

Cognos Analytics 12.0.3+ authentication against Azure AD v1 endpoints with password grant fails with error "JWT uses unsupported signature algorithm"

Troubleshooting


Problem

Cognos Analytics 12.0.3+ releases authenticating against Azure AD Version 1.0 template endpoint authorization endpoints with password grant  i.e. Resource Owner Password Credentials (ROPC) allowed, encounter the error "JWT uses unsupported signature algorithm".
During testing of the Azure AD v1.0 namespace within IBM Cognos Configuration observe the error below.
  
[ERROR] AAA-OIDC-0011 Failed to validate identity token. Reason: 'JWT uses unsupported signature algorithm'

image-20241002094142-1
Using SDK utility trigger.(bat | sh) authenticating against Azure AD Version 1.0 template endpoint authorization endpoints with password grant, observe the error below.
AxisFault
 faultCode: Client
 faultubCode:
 faultString: CM-REQ-4342 An error occurred with the client.
 faultActor:
 faultNode:
 faultDetail:
	{http://developer.cognos.com/schemas/bibus/3/}exception:
		<severity>error</severity>
		<errorCode>caf</errorCode>
	<ns1:message><messageString>CM-CAM-4005 Unable to authenticate. Check your security directory server connection and confirm the credentials entered at login.</messageString></ns1:message>

Symptom

a. Test the Azure AD Version 1.0 template namespace within IBM Cognos Configuration.
[ERROR] AAA-OIDC-0011 Failed to validate identity token. Reason: 'JWT uses unsupported signature algorithm'
b. Execute SDK utility trigger.(bat | sh) and authenticate against Azure AD v1.0 template endpoint namespace.
CM-REQ-4342 An error occurred with the client
CM-CAM-4005 Unable to authenticate. Check your security directory server connection and confirm the credentials entered at login.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSTSF6","label":"IBM Cognos Analytics"},"ARM Category":[{"code":"a8m50000000Cl6OAAS","label":"Security-\u003EAuthentication\/SSO"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"12.0.3;and future releases"},{"Product":{"code":"SS6G84","label":"IBM Cognos Analytics on Cloud"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB76","label":"Data Platform"}},{"Product":{"code":"SSLKT6","label":"IBM Maximo Asset Management"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Document Information

Modified date:
15 January 2026

UID

ibm17171973

Page Feedback