Product: TIBCO Spotfire®
OAuth2 web authentication fails in TIBCO Spotfire Analyst with the error “System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms”
When logging in to the TIBCO Spotfire Analyst client with OAuth2 web authentication on Windows machines with FIPS enabled, the login never completes and the Spotfire login dialog stays stuck indefinitely.
The following detailed error message is logged in the TIBCO Spotfire Analyst logs:
```
2019-03-22T08:41:35,909+01:00 2019-03-22 07:41:35,909 [DXP Splash Thread 2] INFO Spotfire.Dxp.Loader.LoginControl [(null)] - Failed to authenticate
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
   at System.Security.Cryptography.SHA256Managed..ctor()
   at Spotfire.Dxp.Framework.Login.OAuth2AuthenticationFlow.Sha256(String inputString) in C:\Source\SVNEU\gen-10-1-0\SpotfireDxp\src\Framework\Login\OAuth2AuthenticationFlow.cs:line 493
   at Spotfire.Dxp.Framework.Login.OAuth2AuthenticationFlow.Authenticate(CancellationToken cancellationToken) in C:\Source\SVNEU\gen-10-1-0\SpotfireDxp\src\Framework\Login\OAuth2AuthenticationFlow.cs:line 110
   at Spotfire.Dxp.Loader.LoginControl.<>c__DisplayClass49_1.<OkButtonClick>b__0() in C:\Source\SVNEU\gen-10-1-0\SpotfireDxp\src\Loader\LoginControl.cs:line 698
   at System.Threading.Tasks.Task`1.InnerInvoke()
   at System.Threading.Tasks.Task.Execute()
```
To check whether the FIPS algorithm policy is enabled or disabled on the Windows machine where the issue occurs:
- Open the Local Security Policy editor (search for it in the Start menu).
- Select Local Policies\Security Options on the left.
- Check whether the security setting for the policy “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” is set to "Enabled".
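The same check can be scripted. The following PowerShell is an added example, not TIBCO code: it reads the Windows registry value behind that security option, asks the .NET runtime whether it is in FIPS-only mode, and tries the `SHA256Managed` constructor from the stack trace alongside the two SHA-256 classes that wrap the Windows platform implementations. The function names and the sample input string are assumptions made for this example.

```powershell
# Added diagnostic example (not TIBCO code). Run it in Windows PowerShell 5.1,
# which uses .NET Framework like the Spotfire Analyst client does.
Add-Type -AssemblyName System.Core   # SHA256Cng lives in System.Core

function Get-FipsPolicyState {
    # Registry value behind "System cryptography: Use FIPS compliant algorithms
    # for encryption, hashing, and signing" (1 = Enabled, 0 = Disabled).
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $prop = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RegistryEnabled = if ($prop) { [bool]$prop.Enabled } else { $null }
        # What the .NET runtime in this process sees.
        RuntimeFipsOnly = [System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms
    }
}

function Test-Sha256Implementation {
    param([Parameter(Mandatory)][string]$TypeName)
    # Constructed sample input; any string works for the test.
    $bytes = [System.Text.Encoding]::UTF8.GetBytes('constructed-sample-input')
    try {
        $hasher = New-Object -TypeName $TypeName   # the failing step in the trace is the constructor
        try {
            $hex = [System.BitConverter]::ToString($hasher.ComputeHash($bytes)) -replace '-', ''
        } finally {
            $hasher.Dispose()
        }
        [pscustomobject]@{ Type = $TypeName; Usable = $true; Detail = $hex.ToLower() }
    } catch {
        # Unwrap PowerShell/reflection wrappers to get the original exception message.
        [pscustomobject]@{ Type = $TypeName; Usable = $false; Detail = $_.Exception.GetBaseException().Message }
    }
}

Get-FipsPolicyState | Format-List

# SHA256Managed is the class named in the stack trace; the other two call into
# the Windows CAPI and CNG implementations respectively.
'System.Security.Cryptography.SHA256Managed',
'System.Security.Cryptography.SHA256CryptoServiceProvider',
'System.Security.Cryptography.SHA256Cng' |
    ForEach-Object { Test-Sha256Implementation -TypeName $_ } |
    Format-Table -AutoSize -Wrap
```

Whether `SHA256Managed` throws also depends on the installed .NET Framework version, so the table shows what this particular machine does; usable implementations all return the same digest for the sample input.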
The issue is also fixed in the following versions:
- TIBCO Spotfire 7.11 HF-018 and higher
- TIBCO Spotfire 10.2 HF-002 and higher
- TIBCO Spotfire 10.3 and higher
To resolve the issue:
- Upgrade or apply the hotfix, whichever is applicable to your version, to reach one of the versions mentioned above: 7.11 HF-018 and higher, 10.2 HF-002 and higher, or 10.3 and higher.
- For other versions, disable the FIPS algorithm by setting the “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” security policy described above to "Disabled".