While accessing an analysis file from the Spotfire Web Player or clicking "Analytics" from the Spotfire Administrator UI, "Internal Server Error" might be seen. Below is the error message seen in server.log file:

ERROR 2019-11-06T11:35:50,406-0500 [user@domain.com, #100, #347690] wp.router.DelegatingStrategy: Kerberos login to test.server.com failed. Response status: 401 UNAUTHORIZED, response body: 
org.springframework.web.client.HttpClientErrorException$Unauthorized: 401 Unauthorized

ERROR 2019-11-06T11:35:50,422-0500 [user.domain.com, #100, #347690] wp.router.RequireDelegationStrategy:
There was an error logging in to [https://test.server.com:9501/868935b4-6db4-43d7-a45f-0d9cca72eb43, Status=AVAILABLE, SessionCount=0]

ERROR 2019-11-06T11:35:50,485-0500 [user@domain.com, #100, #347690] wp.controller.WebPlayerExceptionController: Internal Server Error 29d44b42-233e-4cb4-892b-f30d2a1a7692:
There was an error logging in to [https://test.server.com:9501/868935b4-6db4-43d7-a45f-0d9cca72eb43, Status=AVAILABLE, SessionCount=0]

Users would be able to log in to Spotfire successfully but the issue is only while accessing a report or while accessing "Analytics". 

This shows an issue with Kerberos delegation and the reason could be a mismatch in the encryption type of the Node Manager TGS request and TGS response. For example if the Node Manager machine's TGS request has encryption type AES-128 but it's TGS response has encryption type AES-256, delegation would fail from the Node Manager side and the above appears. This is because, the TIBCO Spotfire Node Manager is enforced to use a specific encryption type other than the one used in kerberos configuration(krb5.conf) for Spotfire.

To fix this issue, Kerberos authentication should be set up using an encryption method that is allowed on TIBCO Spotfire server, TIBCO Node Manager and the Domain controller machine.

Note: TGS refers to Ticket Granting Server and TGS request and TGS response are the packets sent and received by the server to set up the encrypted communication. This communication can be traced using a Network Tracing tool like Wireshark.

"Internal Server error" while accessing analysis file in Web Player

Doc: Krb5.conf file

• https://docs.tibco.com/pub/spotfire_server/10.3.4/doc/html/TIB_sfire_server_tsas_admin_help/GUID-1E941678-DDED-4CEB-917D-A58FC4EBF3B3.html