Kerberos authentication may fail after upgrading to Spotfire 10.3

Kerberos authentication may fail after upgrading to Spotfire 10.3

book

Article ID: KB0078108

calendar_today

Updated On:

Products Versions
Spotfire Server 10.3

Description

After upgrading to Spotfire Server version 10.3 from an earlier version, the server might fail to start up with this error seen in the catalina and server logs:
=====

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.spotfire.server.security.KerberosCredentialsManager]: Constructor threw exception; nested exception is com.spotfire.server.ServerInitializationException: Failure acquiring a Kerberos TGT for the service principal

Caused by: javax.security.auth.login.LoginException: No CallbackHandler available to garner authentication information from the user
====

One of the reasons for this issue could be because of the Spotfire Server folder changes that were introduced in 10.3

Issue/Introduction

This article talks about changes required in the Spotfire Server configuration after upgrade to 10.3 if the server is set up to use Kerberos authentication.

Environment

All supported environments

Resolution

The new location for the kerberos keytab and krb5.conf files is

    [10.3 Spotfire Server Installation directory ]\tomcat\ spotfire-config\

The Spotfire Server configuration will need to be updated to reflect these new paths for the krb5.conf and the keytab files. The "Browse" button will enable updating these paths. After these paths have been updated, save the configuration file to the Spotfire Database and then restart the Spotfire Server service. 

Here is an example of the modified configuration, using the default Spotfire Server installation path:

spotfire-kerberos-configuration
 
Powered by Wolken Software