Please refer to this articles parent page for more information.
The following error maybe seen in the Spotfire server.log
server.security.KerberosAuthenticator: Failure when executing privileged Kerberos authentication action
org.ietf.jgss.GSSException: Defective token detected (Mechanism level: Invalid SPNEGO NegTokenTarg token : SPNEGO NegoTokenTarg : did not have the right token type)
at sun.security.jgss.spnego.NegTokenTarg.parseToken(NegTokenTarg.java:179) ~[java.security.jgss:?]
The error could be seen for these possible reasons
1) The workstation browser does not trust the spotfire URL. Make sure the spotfire URL is listed under Local Intranet in Internet Options. This is located under the Security section.
A kerberos token is only sent by the browser (Edge or Chrome) to the site when it is listed under Local Intranet.
2) The encryption types listed under krb5.conf are inconsistent with what the service account in windows supports. E.g. the account in windows may only support AES-128 yet AES-256 encryption is being requested
krb5.conf
default_tkt_enctypes = aes256-cts
default_tgs_enctypes = aes256-cts
3) The spotfire keytab file does not have an encryption type consistent with the service account or krb5.conf
Another source of inconsistecy may be the encryption type used in the kerberos keytab file. To check this run the following command:
(BASE DIR)\jdk\bin\ktab.exe -l -e -t -k (BASE DIR)\tomcat\spotfire-config\spotfire.keytab
If you find this error perists please contact Revvity Signals Support for further assistance.