Skip to main content
Version: v2.3.1

Broker Research Troubleshooting

Overview

The AlphaSense Enterprise Insight platform provides access to broker research content — including Citi, BofA, and other entitled brokers — through a secure authentication flow that relies on IDP cookies, environment-specific configurations, and the entitlement service. In Private Cloud deployments, broker research access depends on correct ingress configuration, environment variables on the fe-document-ws service, and the entitlement-ng service being deployed and healthy.

This document serves to outline common failure scenarios related to broker research access and provide troubleshooting steps for resolution.

Failure Scenarios

Triage:

The user navigates to broker research content and documents fail to load. The /idpcookie/generate endpoint returns a 404 error, preventing the platform from generating the IDP token required to authenticate against broker content. IDP cookies expire after 24 hours, so this failure will block all broker research access until resolved.

Troubleshooting:

Test the IDP cookie endpoint to confirm the 404:

curl -X POST https://<domain>/api/enterprise-brokers-api/idpcookie/generate \
-H "Authorization: Bearer <token>" \
-v

💡 Bearer token can be copied from the any graphql request header from the UI. On Chrome, open "inspect" → network(tab) and select any graphql request the request header will contain the bearer token.

If the response is HTTP 404, the public ingress for enterprise-brokers-api is missing. Verify:

kubectl get ingress -n platform | grep enterprise-brokers-api

Apply the public ingress configuration as a permanent fix:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: enterprise-brokers-api-public
  namespace: platform
spec:
  rules:
  - host: <domain>
    http:
      paths:
      - path: /api/enterprise-brokers-api
        pathType: Prefix
        backend:
          service:
            name: enterprise-brokers-api
            port:
              number: 80

Validate the fix by re-running the curl command above and confirming an HTTP 200 response.

2. Broker Research Documents Not Loading (Missing Environment Variables)

Triage:

The user navigates to broker research but documents fail to load despite the IDP cookie endpoint being reachable. The fe-document-ws service is missing one or more required environment variables (ENTERPRISE_LINKBACK_IDP_PROVIDER, IDP_INITIATED_URL), preventing the proper authentication flow from completing.

Troubleshooting:

Verify the environment variables are present on the fe-document-ws deployment:

kubectl get deployment fe-document-ws -n applications -o yaml | grep -A 5 "env:"

Confirm both of the following are present in the output:

  • ENTERPRISE_LINKBACK_IDP_PROVIDER
  • IDP_INITIATED_URL

If either is missing, apply them as a temporary fix:

kubectl set env deployment/fe-document-ws \
ENTERPRISE_LINKBACK_IDP_PROVIDER=<value> \
IDP_INITIATED_URL=<value> \
-n applications

Note: This provides up to 24 hours of relief but cookies will expire without the permanent ingress fix (see scenario above). Ensure the public ingress is also applied to prevent recurrence.

3. Works for Some Users but Not Others (User Entitlement Issues)

Triage:

Broker research content loads for most users but a specific user sees "No access" errors or cannot view entitled broker content. This is typically caused by an incorrect license configuration, an unprocessed broker approval, or an entitlement sync issue for that user.

Troubleshooting:

💡 Use the "Entitlement - Troubleshooting" runbook to verify if the cause is due to entitlement issue,

If it is confirmed that the issue is not related to entitlements, please open a support ticket with AlphaSense Support for further assistance. The steps below should be used as an initial data-gathering checklist to help Support investigate more efficiently:

  • Confirm whether the problem affects one or multiple users, and whether the issue occurs consistently or intermittently.
  • Impersonate the affected user in Admin Tools and navigate to the broker research section to observe what content is visible and what errors are shown.

Alphasense Verify Salesforce configuration:

  1. Confirm broker licenses are assigned to the user
  2. Check broker approval status
  3. Trigger an entitlement sync if needed

Validation Steps

After applying any resolution, confirm the following:

  1. Re-run the IDP cookie endpoint test and confirm HTTP 200:

    curl -X POST https://<domain>/api/enterprise-brokers-api/idpcookie/generate \ -H "Authorization: Bearer <token>" \ -v

  2. Impersonate the affected user and attempt to open a Citi broker research document

  3. Repeat for BofA and any other entitled brokers

  4. Wait 24+ hours and re-test to confirm access persists after cookie expiration

Preventive Measures

  1. Standard Deployment Checklist

    • Verify enterprise-brokers-api public ingress in deployments
    • Validate ENTERPRISE_LINKBACK_IDP_PROVIDER and IDP_INITIATED_URL on fe-document-ws
    • Confirm entitlement-ng is included in the deployment manifest

  2. Monitoring

    • Alert on 404s from the /idpcookie/generate endpoint
    • Monitor broker document access rates for anomalies

— Link entitlement runbook here