Unable to login from TIBCO Spotfire Analyst 11.X onwards

Unable to login from TIBCO Spotfire Analyst 11.X onwards

book

Article ID: KB0071828

calendar_today

Updated On:

Products

Spotfire Analyst

Description

There has been a product design change for Spotfire Analyst 11.X and higher. Whenever any user has upgraded to 11.0 or onward, there is a possibility that Public Address URL and the URL provided during login might not be the same. This mis-configuration may result in this error stack:
 
Error message: Cannot log in to server.

AuthenticationException at :
Could not authenticate with server to get tokens (no response error). (HRESULT: 80131501)

Stack Trace:

WebException at System:
Unable to connect to the remote server (HRESULT: 80131509)

Stack Trace:
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at Spotfire.Dxp.Framework.Login.OAuth2AuthenticationFlow.<>c__DisplayClass19_0.<TryGetTokensUsingUsernamePassword>g__RequestAction|0(HttpWebRequest tokenRequest)
at Spotfire.Dxp.Framework.Login.OAuth2AuthenticationFlow.<>c__DisplayClass27_0.<TryExecuteTokenRequest>b__0()
at Spotfire.Dxp.Services.Http.SpotfireRequest.ExecuteNonSpotfireServerRequestWithRetry(Boolean allowRetryToCauseDuplicateRequests, Func`1 requestCreator, Int32 maxNoOfRetry, Nullable`1 retryDelay, Action checkCancel)
at Spotfire.Dxp.Framework.Login.OAuth2AuthenticationFlow.TryExecuteTokenRequest(Action`1 requestAction, Boolean getRefreshToken, Boolean isPasswordRequest, String& authToken, String& refreshToken, String& scope, Exception& error)

SocketException at System:
No connection could be made because the target machine actively refused it X.X.X.X:X (HRESULT: 80004005)

Stack Trace:
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)


Explanation on new design behavior:

Reference:
Spotfire Server Host name & IP : http://adityavm01.apacanalytics.lab:90 & http://10.97.111.115:90

User-added image

The Spotfire Analyst 11.0 is embedded with OAuth2 login form which acts as authorization mechanism in login dialog. When we enter username/password, Spotfire Analyst sends Spotfire Server a request which receives Spotfire Manifest in return. This Spotfire Manifest contains various parameters where Public Address URL is one of the parameters which Spotfire Server intends to use all the time.

User-added image

When Analyst initiates authentication for OAuth2 as shown below, the server responds with 2 URL's. One for authorization and one for token generation. 

User-added image

Analyst picks up the token endpoint URL from response header and sends request along with client id in order to obtain bearer token as shown below.

User-added image

This is where Resolution 2 comes in place. Since Analyst does not know the IP of the host specified, it intends to search in the hosts file of Windows. If there is no entry for the respective Host name and IP, there is a probability that this error is thrown. Once we add the entry for respective Host Name and it's IP address, the Analyst is able to get the IP of the Host Name for which it sends request for bearer token generation and successfully sends a request to token endpoint URL.

The second possibility is due to mismatch between Spotfire Server URL in Analyst Login and the Public Address URL. As we have seen in the previous example how it extracts and uses the token endpoint URL from the Response header. If the Public Address is set to  http://adityavm01.apacanalytics.lab:80 and actual server address is  http://adityavm01.apacanalytics.lab:90, then it for sure that the Analyst would send a request to a wrong token endpoint URL.
 

Issue/Introduction

After upgrading the Analyst to 11.0 or onwards, user gets 'Error message: Cannot log in to server. Unable to connect to the remote server (HRESULT: 80131509)' exception while logging in. This Article helps you resolve this issue.

Environment

All

Resolution

Resolution 1 (Recommended):
To resolve this, ensure that when logging in with the TIBCO Spotfire Analyst client that you are the using Public Address URL of the TIBCO Spotfire Server. For more details see:
Resolution 2:
If the Public Address URL contains Domain Name and you are using IP of that Domain Name, then please add the IP and Domain Name in your Windows hosts file located at : C:\Windows\System32\drivers\etc  as shown below.
User-added image

eg: If your Public Address URL has http://adityavm01.apacanalytics.lab/
and you are using http://10.97.111.115 in you Spotfire Analyst URL, then add the IP and respective Domain Name in your hosts file.

For Resolution 1 and Resolution 2, please close and reopen your Spotfire Analyst login dialog once you have reflected changes either in Public Address URL or Hosts file.

Additional Information

KB 000046334 Where Tibco Spotfire Server Public Address URL is stored and Why it is not updated in configuration file while switching to older configuration? Doc: set-public-address