OAuth2 authentication does not support applications that are created using Microsoft v2.0 Azure AD

Article ID: KB0076705

Updated On:

Products Versions
Spotfire Server 7.8 and higher

Description

Microsoft Azure AD has two APIs, and an application can be registered with Azure in two different places depending on whether you want to use the new v2.0 API or the older one. Applications created in https://apps.dev.microsoft.com/ are registered with version 2.0, and the apps created using https://portal.azure.com/ are the older ones.

Some companies register Microsoft Azure applications using the v2.0 API, but when OpenID is configured with the v2.0 endpoint, users will not be able to log in. In that case, you will see the following error message in server.log:

WARN 2018-03-17T13:08:21,723+0000 [*Initialization*] auth.oidc.OidcAuthenticator: The 'issuer' claim from the discovery document (https://login.microsoftonline.com/55e98fdf-9ac4-42f6-a35d-6bcb4d9b4bc7/v2.0/) does not match the expected value (https://login.microsoftonline.com/tfp/55e98fdf-9ac4-42f6-a35d-6bcb4d9b4bc7/Default/v2.0)
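
The warning above is an issuer comparison failing. As an added example (not Spotfire code), the following Python check reproduces that comparison offline, assuming the expected issuer is the configured discovery URL with the `/.well-known/openid-configuration` suffix removed, as OpenID Connect Discovery requires. The function names are hypothetical, the discovery URL is reconstructed from the expected value in the log line, and the discovery document is a constructed sample.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"


def expected_issuer(discovery_url: str) -> str:
    """Issuer implied by the configured discovery URL (assumed rule: OIDC Discovery 4.3)."""
    if not discovery_url.endswith(WELL_KNOWN):
        raise ValueError("not an OpenID Connect discovery URL: " + discovery_url)
    return discovery_url[: -len(WELL_KNOWN)]


def check_issuer(discovery_url: str, discovery_doc: str) -> dict:
    """Compare the 'issuer' claim of a discovery document with the expected value."""
    expected = expected_issuer(discovery_url)
    issuer = json.loads(discovery_doc).get("issuer")
    if not isinstance(issuer, str):
        raise ValueError("discovery document has no 'issuer' claim")
    segments = [s for s in urlsplit(issuer).path.split("/") if s]
    match = issuer == expected  # exact string comparison, no normalisation
    return {
        "expected": expected,
        "issuer": issuer,
        "match": match,
        # True when the two values differ only by a trailing '/'
        "only_trailing_slash": not match and issuer.rstrip("/") == expected.rstrip("/"),
        # True when the identity provider answered from a v2.0 endpoint
        "v2_endpoint": "v2.0" in segments,
    }


# Values taken from the server.log line above; the JSON document is constructed.
TENANT = "55e98fdf-9ac4-42f6-a35d-6bcb4d9b4bc7"
LOG_DISCOVERY_URL = f"https://login.microsoftonline.com/tfp/{TENANT}/Default/v2.0{WELL_KNOWN}"
LOG_DISCOVERY_DOC = json.dumps({"issuer": f"https://login.microsoftonline.com/{TENANT}/v2.0/"})

if __name__ == "__main__":
    result = check_issuer(LOG_DISCOVERY_URL, LOG_DISCOVERY_DOC)
    for key, value in result.items():
        print(f"{key:20} {value}")
    if not result["match"]:
        print("issuer mismatch: login will be rejected until the configuration is corrected")
```

Running the same check against a saved copy of the discovery document before changing the server configuration shows whether the mismatch is a path difference, as here, or only a trailing slash.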

 

Issue/Introduction

This article describes the v2.0 endpoint discovery document URL (https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration) that is created for Spotfire OpenID Client.

Resolution

TIBCO Spotfire does not currently support the v2.0 API, which is why users get the error "Could not login please contact the system administrator" while logging in to Spotfire. To work around this issue, make sure to register Azure AD applications using:

Also, the discovery document URL that is configured on the TIBCO Spotfire Server should be of the following format:
 

Additional Information

External: How to register an app with the v2.0 endpoint