In TIBCO Spotfire server, Kerberos unconstrained delegation fails after Google Chrome is updated to version 101

Article ID: KB0072338

Products: Spotfire Server
Versions: All supported versions

Description

When Kerberos unconstrained delegation is enabled and Google Chrome is updated to version 101, delegation to the Web Player fails with the following error in server.log. The web client cannot access the report and fails with "Internal server error".

wp.router.DelegatingStrategy: Kerberos login to tss.spotfire.com failed
org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: KDC cannot accommodate requested option (13)))
Caused by: sun.security.krb5.Asn1Exception: Identifier doesn't match expected value (906)

Cause: The registry entries below are deprecated in Google Chrome version 101 and have been replaced with new entries.
AuthNegotiateDelegateWhitelist
AuthServerWhitelist
See: https://chromeenterprise.google/policies/#AuthNegotiateDelegateWhitelist

Issue/Introduction

When Kerberos unconstrained delegation is enabled and Google Chrome is updated to version 101, delegation to the Web Player fails. The web client cannot access the report and fails with "Internal server error".

Environment

All

Resolution

On the client machine, navigate to the registry location HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome and delete the deprecated registry keys listed below. If these settings are managed by a group policy at the domain level, update the policy accordingly instead.
AuthNegotiateDelegateWhitelist
AuthServerWhitelist


Then create the string values below under the same location and set them to the URL(s) of the Spotfire Server(s).

Value Name: AuthServerAllowlist
Value Type: REG_SZ
Value: *.domain.com

Value Name: AuthNegotiateDelegateAllowlist
Value Type: REG_SZ
Value: *.domain.com
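
The resolution steps above as a script, for clients where the values are set locally rather than by a domain GPO. This is an added example, not TIBCO's or Google's code; the parameter names `PolicyKey` and `ServerPattern` are hypothetical, and the script carries the data of an existing deprecated value over to its replacement unless you pass a pattern explicitly.

```powershell
# Added example: migrate Chrome's deprecated Kerberos policy values to the
# names Chrome 101 reads. Save as a .ps1, run elevated, try -WhatIf first.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$PolicyKey = 'HKLM:\SOFTWARE\Policies\Google\Chrome',
    # Optional: value to write, e.g. the Spotfire Server host pattern.
    # When omitted, the data of the deprecated value is reused.
    [string]$ServerPattern
)

$renames = [ordered]@{
    'AuthServerWhitelist'            = 'AuthServerAllowlist'
    'AuthNegotiateDelegateWhitelist' = 'AuthNegotiateDelegateAllowlist'
}

if (-not (Test-Path -Path $PolicyKey)) {
    if ($PSCmdlet.ShouldProcess($PolicyKey, 'Create policy key')) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
}

foreach ($old in $renames.Keys) {
    $new     = $renames[$old]
    $props   = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    $oldData = if ($props) { $props.$old }
    $newData = if ($props) { $props.$new }

    # Explicit pattern wins; otherwise keep what is already configured.
    $data = if ($ServerPattern) { $ServerPattern } elseif ($newData) { $newData } else { $oldData }
    if (-not $data) {
        Write-Warning "$new not set: no existing value and no -ServerPattern given."
    } elseif ($data -ne $newData) {
        if ($PSCmdlet.ShouldProcess("$PolicyKey\$new", "Set REG_SZ to '$data'")) {
            New-ItemProperty -Path $PolicyKey -Name $new -Value $data `
                -PropertyType String -Force | Out-Null
        }
    }
    # Remove the deprecated value only once its replacement is in place.
    if ($null -ne $oldData -and $data) {
        if ($PSCmdlet.ShouldProcess("$PolicyKey\$old", 'Remove deprecated value')) {
            Remove-ItemProperty -Path $PolicyKey -Name $old
        }
    }
}

# Show the resulting state of all four value names for verification.
Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue |
    Select-Object -Property (@($renames.Keys) + @($renames.Values))
```

Chrome's `chrome://policy` page shows which of these values the browser actually picked up after the change.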

Additional Information


Doc: Enabling delegated Kerberos for Google Chrome