Product: TIBCO Spotfire®
OpenID authentication for TIBCO Spotfire Server fails with "com.nimbusds.jwt.proc.BadJWTException: JWT before use time"
When trying to setup OpenID authentication, the authentication fails with an error like the following:
WARN 2020-05-26T11:17:13,240+0000 [unknown, #0, #4] auth.oidc.OidcAuthenticator: OpenID Connect authentication failed com.spotfire.server.security.auth.oidc.OidcException: ID token validation failed Caused by: com.nimbusds.jwt.proc.BadJWTException: JWT before use time
The error "com.nimbusds.jwt.proc.BadJWTException: JWT before use time" states that the JSON Web Token (JWT) is signed "in the future".
A possible cause for this could be that the clocks for the identity provider machine and the Spotfire Server machine are not synchronized which is causing the JWT to be issued in the future and thus failing.
The clocks for the machines need to be in sync. Please note, that this is regarding clock, not timezone - the UTC timestamp must be in sync, but the time zones can be different. The recommendation is to set the clocks in sync manually or use a Network Time Protocol (NTP) server to synchronize them.