Date Posted: 2018-06-06
Product: TIBCO Spotfire®
Users from LDAP fail to log in. Error: "server.security.PostAuthenticationFilterImpl: Denying access, the user principal ... is currently not enabled."
LDAP users are sometimes unable to log in to Spotfire, and the server logs show the following error:
server.security.PostAuthenticationFilterImpl: Denying access, the user principal 'firstname.lastname@example.org' is currently not enabled
When LDAP synchronization occurs, if there is a delay or failure in synchronizing the users, these users will be disabled in the Spotfire Database (the 'Enabled' column in the USERS table will be set to '0' for these users). This is the default behavior, and it may deny logins to users who try to access Spotfire before the synchronization is completed.
Enable 'safe synchronization' in the Spotfire Server configuration:
- On the Spotfire Server, launch the Spotfire Server Configuration Tool and log in.
- From the 'System Status > Specify Configuration' option, use 'Export configuration from database' to export the latest server configuration.
- Open the configuration.xml file in a text editor.
- Locate the safe-synchronization element in this configuration file.
- Set the value to true to enable safe synchronization.
- Save the configuration file.
- Load this modified configuration.xml file using the Spotfire Server configuration tool (System Status > Specify Configuration > Load configuration from file).
- Save this configuration to the database (Configuration > Save configuration).
- Restart the Spotfire Server Service.
Note: Once you restart the Spotfire Server service, make sure to allow enough time for the LDAP synchronization to complete. The time to complete a synchronization depends on how many users you are trying to sync. For safe synchronization to work, the synchronization has to be completed at least once. If you try logging in before the sync is completed, you may get the same error.
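The "locate the safe-synchronization element and set it to true" steps can be scripted against the exported configuration.xml, as in this added example (not TIBCO's tooling). It assumes a UTF-8 file; only the element name comes from this article, and the parent element names in the sample are constructed placeholders, not Spotfire's real schema.

```python
import re
import xml.etree.ElementTree as ET

TAG = "safe-synchronization"  # element name given in the article

# Constructed sample: parent element names are placeholders, not the real schema.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <!-- comments and layout must survive the edit -->
  <example-ldap-section>
    <safe-synchronization>false</safe-synchronization>
  </example-ldap-section>
  <example-second-ldap-section>
    <safe-synchronization> False </safe-synchronization>
  </example-second-ldap-section>
</configuration>
"""

def current_values(xml_text):
    """Return the normalized text of every safe-synchronization element."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    return [(el.text or "").strip().lower() for el in root.iter(TAG)]

def enable_safe_sync(xml_text):
    """Set every safe-synchronization element to true; return (new_text, changed)."""
    before = current_values(xml_text)
    if not before:
        # The article does not say where the element belongs, so do not invent one.
        raise ValueError(f"no <{TAG}> element found; edit the file manually")
    # Textual substitution keeps comments and indentation exactly as exported.
    pattern = re.compile(rf"(<{TAG}\s*>)[^<]*(</{TAG}\s*>)")
    new_text = pattern.sub(r"\g<1>true\g<2>", xml_text)
    after = current_values(new_text)  # re-parse: proves the result is well-formed
    if any(value != "true" for value in after):
        # e.g. an empty or self-closing element the pattern cannot rewrite
        raise ValueError(f"could not set every <{TAG}> to true: {after}")
    return new_text, sum(1 for value in before if value != "true")

if __name__ == "__main__":
    patched, changed = enable_safe_sync(SAMPLE)
    print(f"{changed} element(s) changed")
    print(patched)
```

Keep a copy of the exported file before loading the modified one through the configuration tool, so the previous configuration can be restored.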