Databricks Spotfire connection Mircosoft AD returns Unauthorized

[Sajan John Peter 3]

Im trying to connect Databricks in Spotfire using the Custom connector (link below) as I wanted to use Microsoft AD authentication.

https://community.spotfire.com/s/exchange/aCv4z0000008Oc1CAE/custom-connector-for-tibco-spotfire-to-connect-to-azure-databricks

I have configured everything as mentioned in the documentation, however, the connection does not work as expected returning 401 Unauthorized even though the redirect page says Authentication Successful. Attached is the log file for reference.

Could it be possible to get what flow (flow of MS APIs) is used for the authentication to run through the flow manually to understand what breaks?

[Dave Leigh]

The fact that you get the Authentication Successful message indicates that the Code retrieval step of the OpenID flow has succeeded. The error is occurring when exchanging the Code for a Token. For security reasons Microsoft doesn't tell us exactly what the problem is but usually this is caused by the Client Secret either being invalid or having expired.

The Value of the Client Secret can only be obtained immediately after creation and should not be confused with the Secret ID which will always be visible in the Azure Portal. A common mistake is to copy the ID of the Client Secret instead of the Value.

So I would recommend creating a new Secret and copying the value into the configuration.

[Sajan John Peter 3]

Hi Dave,

Thanks for your response. I had made sure that I used value and not the ID, made an attempt to use a different app registration and still no hope.

However, I manually run the authentication flow from the Microsoft documentation (https://learn.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/aad/app-aad-token#interactive) and Im able to validate them just fine.

It would be great if we can get a better log on why it is still failing to connect. Also, Im new to using Tibco Spotfire, and just wanted to understand if there could be any support that I can get from Tibco for the issue?

Thanks

[Dave Leigh]

My coworker reminded me of another situation that sometimes causes this issue. If your Azure Administrator has set a global option to require Administrator approval, the Access Denied response would be received. However, if you are able to authenticate manually then it doesn't seem likely that this is the issue.

The Custom Connector is not supported via TIBCO Support so we will have to work through the issue ourselves to resolve it.

I would suggest that you reach out to me directly by clicking on my name and then "Message". If you send me your contact details we can arrange a web meeting to troubleshoot and hopefully resolve the issue.

Cheers

Dave