Product: TIBCO Spotfire®
"Internal Server error" error is returned while accessing analysis file in TIBCO Spotfire Web Player.
While accessing an analysis file from the Spotfire Web Player or clicking "Analytics" from the Spotfire Administrator UI, "Internal Server Error" might be seen. Below is the error message seen in server.log file:
ERROR 2019-11-06T11:35:50,406-0500 [user@domain.com, #100, #347690] wp.router.DelegatingStrategy: Kerberos login to test.server.com failed. Response status: 401 UNAUTHORIZED, response body:
org.springframework.web.client.HttpClientErrorException$Unauthorized: 401 Unauthorized
ERROR 2019-11-06T11:35:50,422-0500 [user.domain.com, #100, #347690] wp.router.RequireDelegationStrategy:
There was an error logging in to [https://test.server.com:9501/868935b4-6db4-43d7-a45f-0d9cca72eb43, Status=AVAILABLE, SessionCount=0]
ERROR 2019-11-06T11:35:50,485-0500 [user@domain.com, #100, #347690] wp.controller.WebPlayerExceptionController: Internal Server Error 29d44b42-233e-4cb4-892b-f30d2a1a7692:
There was an error logging in to [https://test.server.com:9501/868935b4-6db4-43d7-a45f-0d9cca72eb43, Status=AVAILABLE, SessionCount=0]
Users would be able to log in to Spotfire successfully but the issue is only while accessing a report or while accessing "Analytics".
This shows an issue with Kerberos delegation and the reason could be a mismatch in the encryption type of the Node Manager TGS request and TGS response. For example if the Node Manager machine's TGS request has encryption type AES-128 but it's TGS response has encryption type AES-256, delegation would fail from the Node Manager side and the above appears. This is because, the TIBCO Spotfire Node Manager is enforced to use a specific encryption type other than the one used in kerberos configuration(krb5.conf) for Spotfire.
To fix this issue, Kerberos authentication should be set up using an encryption method that is allowed on TIBCO Spotfire server, TIBCO Node Manager and the Domain controller machine.
Note: TGS refers to Ticket Granting Server and TGS request and TGS response are the packets sent and received by the server to set up the encrypted communication. This communication can be traced using a Network Tracing tool like Wireshark.
Doc: Krb5.conf file
Comments
0 comments
Article is closed for comments.