Shop

Your Notifications (0)

There are currently no notifications. You're all set!

Demos Trials
Knowledge Base
ChemDraw and ChemOffice+ Products Signals Notebook E-Notebook and ChemBioOffice Enterprise Spotfire and Signals Spotfire Products Columbus Signals Image Artist
Downloads
Downloads
Community
Support Forums Ideas Portal Product Basics
About Support
Legal Resources Support and Maintenance Plans Product Life Cycle Support News
Contact Support

400 Bad Request when trying to access Spotfire Web Player in a Kerberos environment

Sukesh Nischal
  • Updated

When accessing the Web Player in a kerberos environment, some users are not able to log in.

In a browser a message similar to the image below may be seen.



mceclip0.png

 

This is usually the result of a large Authorisation request header that is sent to the Spotfire server. The Authorisation header contains a Kerberos ticket, which can grow too large a size if the user is a member of a large number of groups in Active Directory.

To resolve the error, the following registry key in Windows should be adjusted. Within the path

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters

Create the following values if they do not already exist

MaxFieldLength  DWORD
MaxRequestBytes DWORD

The values to set these to will depend on the users token size. This will depend on how many groups the user is a member of. Refer to the following document to know how to calculate the token size.

Once you have the token size, both these parameters should be set according to the formula:

(4/3 * T bytes) + 200

where T is the users token size.

In addition to this, the maximum token size for Kerberos may also need to be adjusted.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters

MaxTokenSize DWORD


Spotfire Server (Tomcat)


The Tomcat server has it's own setting for the maxumum request header (maxHttpHeaderSize)
The setting controls the maximum size of a http header. The default value of the maximum header size is 65536. This can be changed to match the value in the Windows server. There is no theoretical upper limit for the value of this parameter.

This can be found in the <installation root>\tomcat\conf\server.xml

 <Connector port="80"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxHttpHeaderSize="65536"
connectionTimeout="30000"
enableLookups="false"
URIEncoding="UTF-8"
disableUploadTimeout="true"
server="TIBCO Spotfire Server"
compression="on"
compressibleMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,image/svg+xml,application/xml"
acceptorThreadCount="2"
keepAliveTimeout="30000"
maxKeepAliveRequests="-1"
maxThreads="2000" />

 

After editing the file, restart your Spotfire services. You should then be able to login via Kerberos

Related articles