OAuth2 web authentication fails in TIBCO Spotfire Analyst with “System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms” error

Article ID: KB0078352

Product: Spotfire Analyst
Versions: 10.2 and lower

Description

When logging in to the TIBCO Spotfire Analyst client with OAuth2 web authentication on a Windows machine with FIPS enabled, the Spotfire login dialog hangs indefinitely and the login never completes.

The following detailed error message is logged in the TIBCO Spotfire Analyst logs:
 2019-03-22T08:41:35,909+01:00 2019-03-22 07:41:35,909  [DXP Splash Thread 2] INFO  Spotfire.Dxp.Loader.LoginControl [(null)] - Failed to authenticate System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
    at System.Security.Cryptography.SHA256Managed..ctor()
    at Spotfire.Dxp.Framework.Login.OAuth2AuthenticationFlow.Sha256(String inputString) in C:\Source\SVNEU\gen-10-1-0\SpotfireDxp\src\Framework\Login\OAuth2AuthenticationFlow.cs:line 493
    at Spotfire.Dxp.Framework.Login.OAuth2AuthenticationFlow.Authenticate(CancellationToken cancellationToken) in C:\Source\SVNEU\gen-10-1-0\SpotfireDxp\src\Framework\Login\OAuth2AuthenticationFlow.cs:line 110
    at Spotfire.Dxp.Loader.LoginControl.<>c__DisplayClass49_1.<OkButtonClick>b__0() in C:\Source\SVNEU\gen-10-1-0\SpotfireDxp\src\Loader\LoginControl.cs:line 698
    at System.Threading.Tasks.Task`1.InnerInvoke()
    at System.Threading.Tasks.Task.Execute()

To check whether the FIPS algorithm policy is enabled on the Windows machine where the issue occurs:
  • Open the Local Security Policy editor (search for it in the Start menu)
  • Select Local Policies\Security Options in the left pane
  • Check whether the security setting for the policy “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” is set to "Enabled"
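
The same check can be scripted, together with a test of the SHA256Managed class named in the stack trace. This is an added example, not TIBCO code: the registry path and the two comparison hash classes are not taken from this article, and nothing is said here about which class the fixed Spotfire versions use. It assumes Windows PowerShell 5.x and only reads state.

```powershell
# Added example: report FIPS mode state and test the hash class from the stack trace.
# Read-only; no policy or registry value is changed.

function Get-FipsPolicyState {
    # Registry value that backs the "System cryptography: Use FIPS compliant
    # algorithms..." policy on Windows Vista / Server 2008 and later.
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $value = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RegistryEnabled = [bool]($value -and $value.Enabled -eq 1)
        # Effective state as seen by the .NET Framework runtime in this process.
        DotNetFipsOnly  = [System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms
    }
}

function Test-HashImplementation {
    param([Parameter(Mandatory)][string]$TypeName)
    $result = [pscustomobject]@{ Type = $TypeName; Usable = $false; Detail = '' }
    try {
        # The constructor is where the exception in the log above is raised.
        $hasher = New-Object -TypeName "System.Security.Cryptography.$TypeName"
        try {
            # Constructed sample input, only used to prove the object works.
            $bytes  = [System.Text.Encoding]::ASCII.GetBytes('constructed-sample-input')
            $digest = $hasher.ComputeHash($bytes)
            $result.Usable = $true
            $result.Detail = [System.BitConverter]::ToString($digest).Replace('-', '').ToLower()
        } finally {
            $hasher.Dispose()
        }
    } catch {
        # Unwrap PowerShell's wrapper exception to get the original message.
        $result.Detail = $_.Exception.GetBaseException().Message
    }
    $result
}

Get-FipsPolicyState | Format-List

# SHA256Managed is the class from the stack trace; the other two wrap the
# Windows platform implementations and are listed for comparison only.
# Whether SHA256Managed throws depends on the installed .NET Framework version,
# so the result is reported rather than assumed.
'SHA256Managed', 'SHA256CryptoServiceProvider', 'SHA256Cng' |
    ForEach-Object { Test-HashImplementation -TypeName $_ } |
    Format-Table -AutoSize -Wrap
```

On an affected machine the SHA256Managed row shows Usable = False with the same "not part of the Windows Platform FIPS validated cryptographic algorithms" message that appears in the Spotfire log.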

Issue/Introduction

This article lists which Spotfire versions support OAuth2 web authentication on FIPS-enabled machines and describes a possible workaround for other versions.

Resolution

This is a known issue where OAuth2 web authentication in TIBCO Spotfire is not FIPS compliant for versions 10.2 and lower. Starting with version 10.3, Spotfire will be FIPS compliant and Web/OAuth2 authentication can be used on FIPS enabled Windows machines.

The issue is also fixed in the following versions:
  • TIBCO Spotfire 7.11 HF-018 and higher 
  • TIBCO Spotfire 10.2 HF-002 and higher
  • TIBCO Spotfire 10.3 and higher
See the list of client hotfixes for more details.

To resolve the issue:
  • Upgrade or apply a hotfix, if applicable to your version, to reach one of the versions mentioned above: 7.11 HF-018 and higher, 10.2 HF-002 and higher, or 10.3 and higher.
or:
  • For other versions, disable the FIPS algorithm by setting the “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” policy described above to "Disabled".

Additional Information

Doc: Web authentication
Wiki: List of hotfixes for TIBCO Spotfire® Clients (Analyst, Web Player (Consumer/Business Author) and Automation Services)