Product: TIBCO Spotfire®
Users are not able to login to TIBCO Spotfire Server or Web Player when using Open ID Authentication with Azure Identity provider
You may see this issue with the following error in the server.log under multiple circumstances like while you upgrade to Spotfire server 7.11 from 7.8 or perhaps after a random restart in 7.10/7.8/7.9.
WARN 2018-01-24T15:54:21,417+0000 unknown, #5, #35 auth.oidc.OidcAuthenticator: OpenID Connect authentication failed com.spotfire.server.security.auth.oidc.OidcException: Error calling the Token Endpoint: client authentication failed invalid_client, error_description: AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided. Trace ID: 6c83e1f6-6a94-4f2c-87c3-eff2c1490600 Correlation ID: 7210c369-ad98-475f-9f3d-1b1aa80aabab Timestamp: 2018-01-24 15:54:21Z at com.spotfire.server.security.auth.oidc.OidcAuthenticator.handleTokenEndpointError(OidcAuthenticator.java:493) ~[server.jar:?]
The reason why you may see this issue is that Microsoft Azure recently added support for client_secret_basic authentication method while spotfire was using client_secret_post before the change and it worked fine, but after the change it defaulted to client_secret_basic which was not implemented properly.
Microsoft has confirmed the issue, see:
1) Try to renew the Azure key first and see if that helps resolve the issue.
2) If that doesnot help, please follow the below steps which could possibly resolve the issue
a.Launch command prompt as administrator on the Spotfire Server machine, navigate to tomcat\bin folder
b.Run the following command to export the configuration:
config export-config -f
c. Open the configuration.xml in a text editor and Locate the OIDC provider configuration
d. Add the following XML element (nested under the <provider> element):
e.Save the configuration.xml file and then import the configuration by running the following command:
config import-config --config-name="Updated token-endpoint-auth-method"
f. Restart the Spotfire Server service.
3) If the above suggestions do not work, please open a support case with TIBCO Support at https://support.tibco.com. External: AAD OpenID Connect Token Endpoint authentication bug