Shop

Your Notifications (0)

There are currently no notifications. You're all set!

Demos Trials
Knowledge Base
ChemDraw and ChemOffice+ Products Signals Notebook E-Notebook and ChemBioOffice Enterprise Spotfire and Signals Spotfire Products Columbus Signals Image Artist
Downloads
Downloads
Community
Support Forums Ideas Portal Product Basics
About Support
Legal Resources Support and Maintenance Plans Product Life Cycle Support News
Contact Support

OpenId Connect authentication fails with "Error calling the Token Endpoint: invalid_client"

Rich Talbot
  • Updated
Date Posted:
Product: TIBCO Spotfire®

Problem:

OpenId Connect authentication fails with "Error calling the Token Endpoint: invalid_client"


Solution:

OpenID Connect authentication fails with the following error when the "redirect_uri" does not match with that of what is set in "Identity Provider" or if the "redirect_uri" is not added to the list of reply urls: 

DEBUG 2019-02-27T19:22:32,750-0500 [unknown, #23, #665] server.security.AuthenticationManager: Attempting authentication using the OpenID Connect authenticator
WARN 2019-02-27T19:22:33,249-0500 [unknown, #23, #665] auth.oidc.OidcAuthenticator: OpenID Connect authentication failed
com.spotfire.server.security.auth.oidc.OidcException: Error calling the Token Endpoint: invalid_client, error_description: AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: 'bbb39fcb-bda7-42cb-8263-1ecc2533429a'.
Trace ID: a4d9adf4-f946-47a3-8bd5-8c5a61f00800
Correlation ID: 69c7f217-4f67-49fa-b165-0cd58a0e8c57
Timestamp: 2019-02-28 00:22:13Z
	at com.spotfire.server.security.auth.oidc.OidcAuthenticator.handleTokenEndpointError(OidcAuthenticator.java:511) ~[server.jar:?]
	at com.spotfire.server.security.auth.oidc.OidcAuthenticator.callTokenEndpoint(OidcAuthenticator.java:481) ~[server.jar:?]
	at com.spotfire.server.security.auth.oidc.OidcAuthenticator.authenticate(OidcAuthenticator.java:306) ~[server.jar:?]
	at com.spotfire.server.security.AuthenticationManager.doAuthenticate(AuthenticationManager.java:394) ~[server.jar:?]
.......................
Caused by: org.springframework.web.client.HttpClientErrorException: 400 Bad Request
	at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91) ~[spring-web.jar:4.3.7.RELEASE]
	at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:700) ~[spring-web.jar:4.3.7.RELEASE]
	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:653) ~[spring-web.jar:4.3.7.RELEASE]
	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:613) ~[spring-web.jar:4.3.7.RELEASE]
	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:531) ~[spring-web.jar:4.3.7.RELEASE]
	at com.spotfire.server.security.auth.oidc.OidcAuthenticator.callTokenEndpoint(OidcAuthenticator.java:468) ~[server.jar:?]
	... 74 more
DEBUG 2019-02-27T19:22:33,281-0500 [unknown, #23, #665] server.security.SecurityFilter: User authentication failed

  To resolve, add the correct "redirect url" or "return endpoint url" for your TIBCO Spotfire Server in the Identity Provider configuration (the "identity provider" is the 3rd party authentication provider like Google, Azure, Yahoo etc).

The correct redirect URL would be like http://<spotfireservername>/spotfire/auth/oidc/authenticate and is found in TIBCO Spotfire Configuration tool here:
  • TIBCO Spotfire Server Configuration Tool > Configuration tab > OpenID Connect > Return endpoint
User-added image Doc:Configuring OpenID Connect

Related articles