Spotfire 11.4 Analyst not authenticating to Spotfire Server

[Sean Flaherty 2]

Hello,

We are testing our upgrade from 10.10 to 11.4 and are getting the following error when trying to connect a Spotfire 11.4 Analyst to the new server.

The user is able to log in to the web client without an issue with the same credentials.

Error message: Could not log in. Please try again.

Could not authenticate user 'xxx'.

 

AuthenticationException at Spotfire.Dxp.Services:

Could not authenticate user 'xxx'. (HRESULT: 80131501)

 

Stack Trace:

at Spotfire.Dxp.Services.Authenticator.Authenticate(SpotfireIdentity identity, PrincipalProvider provider, Boolean disposePrincipalOnFailedLogin)

at Spotfire.Dxp.Loader.LoginHandler.TryPerformLogin(LoginInfo chosenLogin, LoginError& error)

 

 

ServiceException at Spotfire.Dxp.Services:

The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Bearer realm="SpotfireRealm",SF-Web location="/spotfire/auth/web/initiate",BASIC realm="SpotfireRealm"'. (HRESULT: 80131509)

 

Stack Trace:

at Spotfire.Dxp.Services.WcfSoapService`2.InvokeService[T](Func`1 serviceMethod, String customMethodNameForLogging)

at Spotfire.Dxp.Services.Authenticator.Authenticate(SpotfireIdentity identity, PrincipalProvider provider, Boolean disposePrincipalOnFailedLogin)

 

 

MessageSecurityException at mscorlib:

The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Bearer realm="SpotfireRealm",SF-Web location="/spotfire/auth/web/initiate",BASIC realm="SpotfireRealm"'. (HRESULT: 80131501)

 

Stack Trace:

 

Server stack trace:

at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory`1 factory)

at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)

at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)

at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)

at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)

at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

 

Exception rethrown at [0]:

at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

at Spotfire.Dxp.Services.TssSoapServices.LoginService.login(login request)

at Spotfire.Dxp.Services.TssSoapServices.LoginServiceClient.login()

at Spotfire.Dxp.Services.WcfSoapService`2.InvokeService[T](Func`1 serviceMethod, String customMethodNameForLogging)

 

 

WebException at System:

The remote server returned an error: (401) Unauthorized. (HRESULT: 80131509)

 

Stack Trace:

at System.Net.HttpWebRequest.GetResponse()

at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)

 

Kind regards,

Sean

[Fredrik Rosell]

Hello,

 

What is the public address of your Spotfire Server and does that match the server address you use to login in TIBCO Spotfire Analyst (if you are upgrading from 10.10, I assume you want your Analysts to continue using the old server address). If it doesn't match, I recommend updating the public address to match, restart the server service, then try again.

How to set public address

https://docs.tibco.com/pub/spotfire_server/11.4.4/doc/html/TIB_sfire_server_tsas_admin_help/server/topics/set-public-address.html (you can also configure that using the Configuration Tool)

How to check public address

https://support.tibco.com/s/article/How-to-check-the-Public-Address-URL-configured-on-TIBCO-Spotfire-Server-using-a-Troubleshooting-bundle

 

If doing this doesn't address the issue, I suggest that you open a support case on https://support.tibco.com. When doing that, it could help you include a troubleshooting bundle (recreate the issue again, then download the troubleshooting bundle): https://docs.tibco.com/pub/spotfire_server/11.4.4/doc/html/TIB_sfire_server_tsas_admin_help/server/topics/creating_a_troubleshooting_bundle.html)

 

Best Regards

Fredrik

[Sean Flaherty 2]

Thank you Fredrik,I did validate that the public-address was set correctly but still no success.  

 

A bit more information, I took a backup of our existing database, restored and used the upgradetool.bat.  I did not copy the configuration from the previous installation as it is the same database.  Upgrade completed without issue.  

 

All users are able to log in with the web client.The admin user gets the error message above.  

Other users get a simple password is incorrect error (even though I can login with that combination username/password on the web client).

Error message: Username or password is incorrect.AuthenticationException at :Could not authenticate with server to get tokens. Error (invalid_grant): Invalid username/password. (HRESULT: 80131501)Stack Trace:WebException at System:The remote server returned an error: (400) Bad Request. (HRESULT: 80131509)Stack Trace:   at System.Net.HttpWebRequest.GetResponse()   at Spotfire.Dxp.Services.Http.SpotfireRequest.ExecuteNonSpotfireServerRequestWithRetry(Boolean allowRetryToCauseDuplicateRequests, Func`1 requestCreator, Int32 maxNoOfRetry, Nullable`1 retryDelay, Action checkCancel)   at Spotfire.Dxp.Framework.Login.OAuth2AuthenticationFlow.TryExecuteTokenRequest(Action`1 requestAction, Boolean getRefreshToken, Boolean isPasswordRequest, String defaultScope, String& authToken, String& refreshToken, String& scope, Exception& error)

Kind regards,

Sean

[Fredrik Rosell]

Thank you for that additional information. I would definitely recommend a support case, so this can be investigated in more detail. 

 

 

 

Best Regards

 

Fredrik