Troubleshooting the Access denied error

When you try to log in to KUMA using ADFS, the Access denied or Insufficient rights pop-up message may appear. The KUMA Core log shows the Data source certificate has been changed error.

This error indicates that the ADFS certificate is changed. To fix the error and resume domain authentication, update the certificate thumbprint saved in KUMA.

To update the certificate thumbprint on an Astra Linux or Oracle Linux host:

1. Contact Technical support to obtain the adfs_fingerprint_changer_tool binary file.
2. Place the received adfs_fingerprint_changer_tool binary file in any folder on the host with the KUMA Core. For example, /root/kuma-ansible-installer.
3. On the host with the KUMA Core, start the command line interpreter and use the cd command to go to the folder containing the adfs_fingerprint_changer_tool file.

   For example, you can enter the following command and press Enter:

   cd /root/kuma-ansible-installer

4. To grant the permissions to run a binary file and run the binary file, sequentially execute the following commands:

   chmod +x adfs_fingerprint_changer_tool

   ./adfs_fingerprint_changer_tool

To update the certificate thumbprint on a Kubernetes host:

1. Contact Technical support to obtain the adfs_fingerprint_changer_tool binary file.
2. Place the received adfs_fingerprint_changer_tool binary file in any folder on the computer of an administrator with access to the Kubernetes cluster and execute the following commands:

   k0s kubectl cp <path to adfs_fingerprint_changer_tool> $(k0s kubectl get pod -l app=core -n kuma -o name | cut -d/ -f2):/tmp/ -c mongodb -n kuma

   k0s kubectl exec $(k0s kubectl get pod -l app=core -n kuma -o name) -c mongodb -n kuma -- bash -c "chmod a+x /tmp/adfs_fingerprint_changer_tool && /tmp/adfs_fingerprint_changer_tool"

After you run the binary file, the certificate thumbprint is updated and the domain authentication by means of ADFS is again available.