Description
In Spotfire Server version 14.4 and above, by default, Spotfire Analyst client will redirect users to a web browser for authentication, instead of displaying its traditional login dialog box.
With this change, when users open Spotfire Analyst, the dialog window will not show the Username/Password section (for some authentication types) and, when users click on Login button, a new web browser window will open where they can enter UserName and Password to authenticate. This is still the same username and password authentication method, but now it uses a web browser.
This can be changed back to previous behavior by making a server configuration change described below.
Solution
To restore the standard Spotfire Analyst login dialog box:
- Open a command prompt as Administrator on the Spotfire Server machine.
-
Navigate to <Spotfire Server install directory>\<version>\tomcat\spotfire-bin\ and run the following commands:
- Export current configuration:config export-config -f
- Enable password-grant login:config set-config-prop --name="security.basic.basic-disabled" --value="false" config set-config-prop --name="security.oauth2.server.password-grant.enabled" --value="false"- Import updated configuration:
config import-config -c "your comment about this change" - Restart the Spotfire Server service. Once these changes have been applied, users will no longer be redirected to a web browser for authentication and the standard login dialog box will appear in Spotfire Analyst.
Additional Information
The new login behavior (via web browser) is a change in functionality introduced in Spotfire Server 14.4:
https://docs.tibco.com/pub/spotfire_server/14.4.0/SPOT_sfire_server_14.4.0_relnotes.pdf?id=0
TSS-33986 - HTTP Basic authentication is no longer available by default
The use of HTTP Basic authentication (when the Spotfire Server is configured for username/password authentication) is now disabled by default.
TSS-33988 14.4.0 The OAuth2 Resource Owner Password Credentials grant is no longer available by default
For increased security and compliance with the OAuth 2.0 Security Best Current Practice, the OAuth2 Resource Owner Password Credentials grant is now disabled by default. In systems configured for username/password authentication (without being combined with OpenID Connect or similar) users of the Spotfire Analyst client will now authenticate through a web browser-based workflow.
Reference ticket #333760 (hidden): https://revvitysignals.zendesk.com/agent/tickets/333760
Comments
0 comments
Article is closed for comments.