There has been a product design change for Spotfire Analyst 11.X and higher. Whenever any user has upgraded to 11.0 or onward, there is a possibility that Public Address URL and the URL provided during login might not be the same. This mis-configuration may result in this error stack:
Error message: Cannot log in to server.
AuthenticationException at :
Could not authenticate with server to get tokens (no response error). (HRESULT: 80131501)
Stack Trace:
WebException at System:
Unable to connect to the remote server (HRESULT: 80131509)
Stack Trace:
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at Spotfire.Dxp.Framework.Login.OAuth2AuthenticationFlow.<>c__DisplayClass19_0.<TryGetTokensUsingUsernamePassword>g__RequestAction|0(HttpWebRequest tokenRequest)
at Spotfire.Dxp.Framework.Login.OAuth2AuthenticationFlow.<>c__DisplayClass27_0.<TryExecuteTokenRequest>b__0()
at Spotfire.Dxp.Services.Http.SpotfireRequest.ExecuteNonSpotfireServerRequestWithRetry(Boolean allowRetryToCauseDuplicateRequests, Func`1 requestCreator, Int32 maxNoOfRetry, Nullable`1 retryDelay, Action checkCancel)
at Spotfire.Dxp.Framework.Login.OAuth2AuthenticationFlow.TryExecuteTokenRequest(Action`1 requestAction, Boolean getRefreshToken, Boolean isPasswordRequest, String& authToken, String& refreshToken, String& scope, Exception& error)
SocketException at System:
No connection could be made because the target machine actively refused it X.X.X.X:X (HRESULT: 80004005)
Stack Trace:
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception) Explanation on new design behavior:
Reference:
Spotfire Server Host name & IP : http://adityavm01.apacanalytics.lab:90 & http://10.97.111.115:90
The Spotfire Analyst 11.0 is embedded with OAuth2 login form which acts as authorization mechanism in login dialog. When we enter username/password, Spotfire Analyst sends Spotfire Server a request which receives Spotfire Manifest in return. This Spotfire Manifest contains various parameters where Public Address URL is one of the parameters which Spotfire Server intends to use all the time.
When Analyst initiates authentication for OAuth2 as shown below, the server responds with 2 URL's. One for authorization and one for token generation.
Analyst picks up the token endpoint URL from response header and sends request along with client id in order to obtain bearer token as shown below.
This is where Resolution 2 comes in place. Since Analyst does not know the IP of the host specified, it intends to search in the hosts file of Windows. If there is no entry for the respective Host name and IP, there is a probability that this error is thrown. Once we add the entry for respective Host Name and it's IP address, the Analyst is able to get the IP of the Host Name for which it sends request for bearer token generation and successfully sends a request to token endpoint URL.
The second possibility is due to mismatch between Spotfire Server URL in Analyst Login and the Public Address URL. As we have seen in the previous example how it extracts and uses the token endpoint URL from the Response header. If the Public Address is set to http://adityavm01.apacanalytics.lab:80 and actual server address is http://adityavm01.apacanalytics.lab:90, then it for sure that the Analyst would send a request to a wrong token endpoint URL.