Keywords: IronPython, 401, webplayer
When trying to access the TIBCO Spotfire Web Player in a browser, it fails to load with the following error displayed:
An error occurred while receiving the HTTP response to
https:// <server.abc.com>:9443/spotfire/ws/LoginService.
This could be due to the service endpoint binding not using the HTTP protocol.
This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down).
See server logs for more details.
The following error is seen in the Web Player worker.host log:
INFO ;2022-08-04T17:04:12,282-03:00;2022-08-04 20:04:12,282;b7159039-d65b-47f6-9434-b1b1fe6012e3;041457687du6f3;46;<user@abc.com>;64e2487634ec3c89bb926180f311325a;Spotfire.Dxp.Services.Http.HttpRetryContext;"Cannot retry error in call to ."
System.ServiceModel.CommunicationException: An error occurred while receiving the HTTP response to https:// <server.abc.com>:9443/spotfire/ws/LoginService.
This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details. ---> System.Net.WebException: The underlying connection was closed:
An unexpected error occurred on a receive. ---> IronPython.Runtime.UnboundNameException: global name 'True' is not defined
at IronPython.Runtime.Operations.PythonOps.GetVariable(CodeContext context, String name, Boolean isGlobal, Boolean lightThrow)
And the following error is seen in the Spotfire Server server.log:
ERROR 2022-08-04T17:04:12,400-0300 [<server.abc.com>, #BS-8702, #816060] wp.controller.WebPlayerExceptionController: Internal Server Error ef4f970c-5f95-4c22-8912-e5c59efdb122 (Service Error 49a1b898882b46ab8167e341b759f96a : An error occurred while receiving the HTTP response to https://<server.abc.com>:9443/spotfire/ws/LoginService.
This could be due to the service endpoint binding not using the HTTP protocol.
This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details.
(Unauthorized - 49a1b898882b46ab8167e341b759f96a)): 401 An error occurred while receiving the HTTP response to https:// <server.abc.com>:9443/spotfire/ws/LoginService.
This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details. (Unauthorized - 49a1b898882b46ab8167e341b759f96a)
The root cause of this issue is custom IronPython scripts that when executed interfere with the .NET HTTP client communication which Spotfire relies on as of version 11.1 (earlier WinINet was used). IronPython scripts cannot set global .NET settings/behaviors, by using ServicePointManager for example, since those can and will affect the execution of the product causing instability.
Example script:
def AcceptAllCertifications(a,b,c,d):return True
ServicePointManager.ServerCertificateValidationCallback = AcceptAllCertifications
Before version 11.1, these scripts would not have caused system-wide issues since the modification of the global .NET HTTP settings did not affect Spotfire at that time.
The problem is that the ServicePointManager is a static, singleton class which means that if a client (an IronPython script in this case) makes a change it changes for everything (including the rest of the Spotfire application). Per the important note on the ServicePointManager Classdocumentation:
- "We don't recommend that you use the ServicePointManager class for new development. Instead, use the System.Net.Http.HttpClient class"
To avoid this issue, find and remove (or quarantine) all dxp files which contain these problematic scripts until the scripts are modified. In order to find scripts which contain the problematic usage of ServicePointManager like above, there are a couple options:
- Application Profilertool - Searches all dxp files in the library, looking for scripts with a given code snippet. (Note: cannot open dxp files that are prompted)
- Find-analysis-scriptscommand line function - Searches all dxp file in the library and lists the IronPython script contents in the output report. That report can then be searched for the problematic code snipped to identify the dxp files that need to be quarantined
Ensure proper testing of new scripts is performed in lower environments before use in production environments to avoid any issues.
Important Note:
Other uses ServicePointManager might cause different issues and symptoms. For example, modifying the TLS version to TLS 1.0 explicitly with:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
This will cause the following error when trying to use the Web Player since it will cause the secure communication channel to fail:
Could not establish secure channel for SSL/TLS with authority 'server:9443'. (Unauthorized)): 401 Could not establish secure channel for SSL/TLS with authority 'server:9443'
Reference
Wiki: How to find specific scripts in DXP files in the Spotfire Library using the Application Profiler
Wiki: Script and Data function trust in Spotfire 10.3 and later
Comments
0 comments
Article is closed for comments.