Shop

Your Notifications (0)

There are currently no notifications. You're all set!

Demos Trials
Knowledge Base
ChemDraw and ChemOffice+ Products Signals Notebook E-Notebook and ChemBioOffice Enterprise Spotfire and Signals Spotfire Products Columbus Signals Image Artist
Downloads
Downloads
Community
Support Forums Ideas Portal Product Basics
About Support
Legal Resources Support and Maintenance Plans Product Life Cycle Support News
Contact Support

TIBCO Spotfire Server fails to start to authenticate against OpenID Connect with error message 'No 'code' parameter given'

Rich Talbot
  • Updated
Date Posted:
Product: TIBCO Spotfire®

Problem:

TIBCO Spotfire Server fails to start to authenticate against OpenID Connect with error message 'No 'code' parameter given'


Solution:

You may see the following error message in the Admin UI when OpenID Connect authentication is enabled on the TIBCO Spotfire Server with Okta as Identity Provider.

'Could not login, contact your administrator'

Below error message can be seen in server.log:

WARN 2019-11-08T16:42:12,951+0000 [unknown, #50, #9048] auth.oidc.OidcAuthenticator: OpenID Connect authentication failed
com.spotfire.server.security.auth.oidc.OidcException: No 'code' parameter given
    at com.spotfire.server.security.auth.oidc.OidcAuthenticator.authenticate(OidcAuthenticator.java:306) ~[spotfire-server.jar:?]
    at com.spotfire.server.security.AuthenticationManager.doAuthenticate(AuthenticationManager.java:406) ~[spotfire-server.jar:?]
    at com.spotfire.server.security.AuthenticationManager.authenticateNonAnonymously(AuthenticationManager.java:356) ~[spotfire-server.jar:?]
    at com.spotfire.server.security.AuthenticationManager.authenticateFrontend(AuthenticationManager.java:221) ~[spotfire-server.jar:?]
    at com.spotfire.server.security.AuthenticationManager.authenticate(AuthenticationManager.java:205) ~[spotfire-server.jar:?]
    at com.spotfire.server.security.SecurityFilter$AuthenticationFilter.attemptAuthentication(SecurityFilter.java:444) ~[spotfire-server.jar:?]
    at com.spotfire.server.security.SecurityFilter$AuthenticationFilter.doFilter(SecurityFilter.java:241) ~[spotfire-server.jar:?]
    at com.spotfire.server.security.SecurityFilter$InternalFilter.doFilter(SecurityFilter.java:978) ~[spotfire-server.jar:?]
    at com.spotfire.server.security.SecurityFilter$InternalFilterChain.doFilter(SecurityFilter.java:1007) ~[spotfire-server.jar:?]
    at com.spotfire.server.security.SecurityFilter$UserDataConstraintFilter.doFilter(SecurityFilter.java:852) ~[spotfire-server.jar:?]
    at com.spotfire.server.security.SecurityFilter$InternalFilter.doFilter(SecurityFilter.java:978) ~[spotfire-server.jar:?]
    at com.spotfire.server.security.SecurityFilter$InternalFilterChain.doFilter(SecurityFilter.java:1007) ~[spotfire-server.jar:?]
    at com.spotfire.server.security.SecurityFilter$ConnectorFilter.doFilter(SecurityFilter.java:812) ~[spotfire-server.jar:?]
    at com.spotfire.server.security.SecurityFilter$InternalFilter.doFilter(SecurityFilter.java:978) ~[spotfire-server.jar:?]
    at com.spotfire.server.security.SecurityFilter$InternalFilterChain.doFilter(SecurityFilter.java:1007) ~[spotfire-server.jar:?]
    at com.spotfire.server.security.SecurityFilter.doFilter(SecurityFilter.java:159) ~[spotfire-server.jar:?]
    .......
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) ~[catalina.jar:9.0.17]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) ~[tomcat-coyote.jar:9.0.17]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) ~[tomcat-coyote.jar:9.0.17]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834) ~[tomcat-coyote.jar:9.0.17]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415) ~[tomcat-coyote.jar:9.0.17]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote.jar:9.0.17]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_201]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_201]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:9.0.17]
    at java.lang.Thread.run(Thread.java:748) [?:1.8.0_201] The reason why it returned "No code parameter" is due to the prompt parameter value set in OpenID configuration. Setting prompt parameter with the value 'none' means that there is no active session from Identity Provider side (the End-User is not already Authenticated in Okta) to authenticate silently. 

<auth-request-prompt-value>none</auth-request-prompt-value>

If you want to use the 'none' parameter then you should ensure to establish the session in Okta and then login with Spotfire. If not, you can change the parameter to 'login' so that the Spotfire Server attempts to Authenticate the End-User even if the End-User is already authenticated. 
<auth-request-prompt-value>login</auth-request-prompt-value>
Doc: Advanced OpenID Connect Settings

Related articles