Keywords: Spotfire Server, authentication, SameSite cookie, Kerberos, blank page
There can be many reasons why end users are unable to log in to Spotfire Server. This article addresses only one particular situation, where the following conditions apply:
1. Spotfire Server is configured for HTTP access, not HTTPS.
2. Spotfire Server has SameSite cookie parameter set to "None".
3. Any authentication mechanism supported by Spotfire is used.
Details:
- Spotfire Server starts successfully, without any errors reported in the log files.
- End users are able to log in with the Analyst client and use the Spotfire application without issues.
- Attempts to log in from a web browser (Chrome, Edge or Firefox) fail. After users enter their credentials, they are redirected back to the login page.
- Kerberos authentication causes slightly different behavior. Opening the Spotfire Server URL in a web browser causes a continuous reload in the background (the reload button switches between the "loading" icon and the "cancel" icon) and nothing is displayed in the browser window, just a blank page.
Further troubleshooting reveals that web browsers are not sending Spotfire Server's session cookies (JSESSION and other cookies) back to the server. Current browsers accept a cookie marked SameSite=None only if it also carries the Secure attribute, and Secure cookies are only accepted and sent over HTTPS, so over plain HTTP the cookies are discarded. End users are successfully authenticated by Spotfire Server, but since there are no session cookies to manage their browser sessions, Spotfire Server issues new cookies for subsequent requests and directs end users to authenticate again.
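The check below is an added example, not part of the original article or of the Spotfire product. It takes the Set-Cookie headers from a login response and reports which cookies a current browser will discard. The header values are constructed samples, and the cookie names JSESSIONID and EXAMPLE-TOKEN are assumptions used for illustration.

```python
# Added example: predict which Set-Cookie headers a current browser will discard.
# Rules applied (Chrome, Edge, Firefox):
#   1. SameSite=None is only accepted together with the Secure attribute.
#   2. A cookie carrying Secure is only accepted from an HTTPS response.

def parse_set_cookie(header):
    """Return (cookie name, attributes) with attribute names lower-cased."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs

def browser_verdict(scheme, header):
    """Return (cookie name, 'kept') or (cookie name, reason it is dropped)."""
    name, attrs = parse_set_cookie(header)
    same_site = attrs.get("samesite", "").lower()
    secure = "secure" in attrs
    if same_site == "none" and not secure:
        return name, "dropped: SameSite=None without Secure"
    if secure and scheme.lower() != "https":
        return name, "dropped: Secure cookie over plain HTTP"
    return name, "kept"

def dropped_cookies(scheme, headers):
    """Names of cookies the browser will never send back to the server."""
    return [n for n, v in (browser_verdict(scheme, h) for h in headers) if v != "kept"]

# Constructed sample headers (not captured from a real Spotfire Server).
SAMESITE_NONE = [
    "JSESSIONID=0123abcd; Path=/; HttpOnly; SameSite=None",
    "EXAMPLE-TOKEN=feedbeef; Path=/; Secure; SameSite=None",
]
SAMESITE_UNSET = [
    "JSESSIONID=0123abcd; Path=/; HttpOnly",
    "EXAMPLE-TOKEN=feedbeef; Path=/",
]
SAMESITE_NONE_SECURE = [h if "Secure" in h else h + "; Secure" for h in SAMESITE_NONE]

if __name__ == "__main__":
    for label, scheme, headers in [
        ("HTTP, SameSite=None", "http", SAMESITE_NONE),
        ("HTTP, SameSite unset", "http", SAMESITE_UNSET),
        ("HTTPS, SameSite=None; Secure", "https", SAMESITE_NONE_SECURE),
    ]:
        print(label, "->", dropped_cookies(scheme, headers) or "all cookies kept")
```

Feed it the Set-Cookie values seen in the browser's developer tools (Network tab) for the login response to see whether the server's cookies match the failing case.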
Resolution:
Option 1: Change the SameSite cookie attribute to the default setting, "Unset", and restart Spotfire Server:
config export-config --force
config set-config-prop --name="security.cookies.same-site" --value="Unset"
config import-config -c "Cookies SameSite=Unset"
Option 2: Configure Spotfire Server to use HTTPS protocol: