Product: TIBCO Spotfire®
OAuth2 authentication does not support applications that are created using Microsoft Azure AD v2.0
Microsoft Azure AD has two APIs, and you can register applications with Azure in two different places depending on whether you want to use the new v2.0 API or the older one. Applications created in https://apps.dev.microsoft.com/ are registered with version 2.0, and applications created using https://portal.azure.com/ are the older ones.
Some companies register Microsoft Azure applications using the v2.0 API, but when OpenID is configured with the v2.0 endpoint, users will not be able to log in. In that case, you will see the following error message in server.log:
WARN 2018-03-17T13:08:21,723+0000 [*Initialization*] auth.oidc.OidcAuthenticator: The 'issuer' claim from the discovery document (https://login.microsoftonline.com/55e98fdf-9ac4-42f6-a35d-6bcb4d9b4bc7/v2.0/) does not match the expected value (https://login.microsoftonline.com/tfp/55e98fdf-9ac4-42f6-a35d-6bcb4d9b4bc7/Default/v2.0)
TIBCO Spotfire does not currently support the v2.0 API, which is why users get the error "Could not login please contact the system administrator" while logging into Spotfire. Therefore, to work around this issue, make sure to register Azure AD applications using:
External: How to register an app with the v2.0 endpoint
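The following added example (not TIBCO or Spotfire code) parses the issuer warning quoted from server.log above and reports how the two issuer values differ. It assumes the expected value is derived as in OpenID Connect Discovery 1.0, by stripping /.well-known/openid-configuration from the configured discovery URL and comparing the strings exactly; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

# Matches the OidcAuthenticator warning quoted in this article.
MISMATCH_RE = re.compile(
    r"OidcAuthenticator: The 'issuer' claim from the discovery document "
    r"\((?P<actual>[^)]+)\) does not match the expected value "
    r"\((?P<expected>[^)]+)\)"
)

# The warning from this article's server.log excerpt.
SAMPLE_LINE = (
    "WARN 2018-03-17T13:08:21,723+0000 [*Initialization*] "
    "auth.oidc.OidcAuthenticator: The 'issuer' claim from the discovery "
    "document (https://login.microsoftonline.com/"
    "55e98fdf-9ac4-42f6-a35d-6bcb4d9b4bc7/v2.0/) does not match the expected "
    "value (https://login.microsoftonline.com/tfp/"
    "55e98fdf-9ac4-42f6-a35d-6bcb4d9b4bc7/Default/v2.0)"
)

def expected_issuer(discovery_url):
    """Issuer implied by a discovery URL (assumed derivation, see lead-in)."""
    if not discovery_url.endswith(WELL_KNOWN):
        raise ValueError("not an OIDC discovery URL: " + discovery_url)
    return discovery_url[: -len(WELL_KNOWN)]

def issuer_matches(discovery_url, discovery_doc):
    """Exact string comparison: no case folding, no trailing-slash trimming."""
    return discovery_doc.get("issuer") == expected_issuer(discovery_url)

def explain_mismatch(log_line):
    """Return None if the line is not the issuer warning, else a report."""
    m = MISMATCH_RE.search(log_line)
    if m is None:
        return None
    actual, expected = m.group("actual"), m.group("expected")
    a_path = [s for s in urlsplit(actual).path.split("/") if s]
    e_path = [s for s in urlsplit(expected).path.split("/") if s]
    return {
        "actual": actual,
        "expected": expected,
        "trailing_slash_only": actual.rstrip("/") == expected.rstrip("/"),
        "only_in_expected": [s for s in e_path if s not in a_path],
        "only_in_actual": [s for s in a_path if s not in e_path],
    }
```

For the warning above, the report shows the difference is not just the trailing slash: the expected value contains the extra path segments tfp and Default that the discovery document's issuer lacks.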