book
Article ID: KB0078352
calendar_today
Updated On:
Description
When logging in to the TIBCO Spotfire Analyst client with OAuth2 web authentication on Windows machines with FIPS enabled, the Spotfire login dialog will stay stuck at the following dialog forever:
The following detailed error message is logged in the TIBCO Spotfire Analyst logs:
2019-03-22T08:41:35,909+01:00 2019-03-22 07:41:35,909 [DXP Splash Thread 2] INFO Spotfire.Dxp.Loader.LoginControl [(null)] - Failed to authenticate System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. at System.Security.Cryptography.SHA256Managed..ctor() at Spotfire.Dxp.Framework.Login.OAuth2AuthenticationFlow.Sha256(String inputString) in C:\Source\SVNEU\gen-10-1-0\SpotfireDxp\src\Framework\Login\OAuth2AuthenticationFlow.cs:line 493 at Spotfire.Dxp.Framework.Login.OAuth2AuthenticationFlow.Authenticate(CancellationToken cancellationToken) in C:\Source\SVNEU\gen-10-1-0\SpotfireDxp\src\Framework\Login\OAuth2AuthenticationFlow.cs:line 110 at Spotfire.Dxp.Loader.LoginControl.<>c__DisplayClass49_1.<OkButtonClick>b__0() in C:\Source\SVNEU\gen-10-1-0\SpotfireDxp\src\Loader\LoginControl.cs:line 698 at System.Threading.Tasks.Task`1.InnerInvoke() at System.Threading.Tasks.Task.Execute()
Below are the steps to know if the FIPS algorithm is enabled or disabled on the Windows machine where the issue occurs:
- Open Local Security Policy editor (search for it in start menu)
- Select *Local Policies\Security Options to the left
- See Security setting for policy “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” is set to "Enabled"
Resolution
This is a known issue where OAuth2 web authentication in TIBCO Spotfire is not FIPS compliant for versions 10.2 and lower. Starting with version 10.3, Spotfire will be FIPS compliant and Web/OAuth2 authentication can be used on FIPS enabled Windows machines.
The issue is also fixed in the following versions:
- TIBCO Spotfire 7.11 HF-018 and higher
- TIBCO Spotfire 10.2 HF-002 and higher
- TIBCO Spotfire 10.3 and higher
See the
list of client hotfixes for more details.
To resolve the issue:
- Upgrade to any of the versions mentioned above via upgrade or hotfix if applicable to your version: 7.11 HF-018 and higher, 10.2 HF-002 and higher, or 10.3 and higher.
or:
- For other versions, disable the FIPS algorithm by setting the “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” registry entry described above to "Disabled"
Issue/Introduction
This article gives information about what all Spotfire versions are FIPS compliant using OAuth2 web authentication and possible workaround for other versions.
Additional Information
Doc: Web authentication
Wiki: List of hotfixes for TIBCO Spotfire® Clients (Analyst, Web Player (Consumer/Business Author) and Automation Services)