When setting up OpenID Connect with Okta on TIBCO Spotfire Server, it works correctly for the default port 443 but fails when non-default ports (such as 8443) are used.

For port 443 you do not have to set a port in the public address and Redirect URL. The port 443 is default for HTTPS. When using port 8443 (or any other non-default port) you need to explicitly enter the port in all places in the configuration in the Okta portal as well as in Spotfire configuration for OpenID connect.

Thus, make sure the port is specified in the following places.

(1) Okta portal:

• For the login redirect URl, specify the address with the 8443 port included.

• Public Address tab - Enable public address with the 8443 port defined and restart Spotfire Server (or run command set-public-address).
• OpenID tab - Enable OpenID connect with the 8443 port defined for the Return endpoint address

• https://support.tibco.com/s/article/How-to-configure-OpenID-connect-authentication-with-Okta-on-the-TIBCO-Spotfire-Serve

• https://docs.tibco.com/pub/spotfire_server/10.3.4/doc/html/TIB_sfire_server_tsas_admin_help/GUID-74323530-6878-4741-A50E-22EDC233A2C0.html 

• https://docs.tibco.com/pub/spotfire_server/10.3.0/doc/html/TIB_sfire_server_tsas_admin_help/GUID-246BA35C-9AA9-4215-A930-7DC98C2E18C1.htm

• https://docs.tibco.com/pub/spotfire_server/10.3.0/doc/html/TIB_sfire_server_tsas_admin_help/GUID-1168B883-EFAE-4F42-A652-45FF2A7CC143.html