OpenId Connect authentication fails with "Error calling the Token Endpoint: invalid_client"

Article ID: KB0079100

Products: Spotfire Server
Versions: 7.8 and higher

Description

OpenID Connect authentication fails with the following error when the "redirect_uri" does not match the one configured in the identity provider, or when the "redirect_uri" has not been added to the list of reply URLs:

DEBUG 2019-02-27T19:22:32,750-0500 [unknown, #23, #665] server.security.AuthenticationManager: Attempting authentication using the OpenID Connect authenticator
WARN 2019-02-27T19:22:33,249-0500 [unknown, #23, #665] auth.oidc.OidcAuthenticator: OpenID Connect authentication failed
com.spotfire.server.security.auth.oidc.OidcException: Error calling the Token Endpoint: invalid_client, error_description: AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: 'bbb39fcb-bda7-42cb-8263-1ecc2533429a'.
Trace ID: a4d9adf4-f946-47a3-8bd5-8c5a61f00800
Correlation ID: 69c7f217-4f67-49fa-b165-0cd58a0e8c57
Timestamp: 2019-02-28 00:22:13Z
	at com.spotfire.server.security.auth.oidc.OidcAuthenticator.handleTokenEndpointError(OidcAuthenticator.java:511) ~[server.jar:?]
	at com.spotfire.server.security.auth.oidc.OidcAuthenticator.callTokenEndpoint(OidcAuthenticator.java:481) ~[server.jar:?]
	at com.spotfire.server.security.auth.oidc.OidcAuthenticator.authenticate(OidcAuthenticator.java:306) ~[server.jar:?]
	at com.spotfire.server.security.AuthenticationManager.doAuthenticate(AuthenticationManager.java:394) ~[server.jar:?]
.......................
Caused by: org.springframework.web.client.HttpClientErrorException: 400 Bad Request
	at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91) ~[spring-web.jar:4.3.7.RELEASE]
	at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:700) ~[spring-web.jar:4.3.7.RELEASE]
	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:653) ~[spring-web.jar:4.3.7.RELEASE]
	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:613) ~[spring-web.jar:4.3.7.RELEASE]
	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:531) ~[spring-web.jar:4.3.7.RELEASE]
	at com.spotfire.server.security.auth.oidc.OidcAuthenticator.callTokenEndpoint(OidcAuthenticator.java:468) ~[server.jar:?]
	... 74 more
DEBUG 2019-02-27T19:22:33,281-0500 [unknown, #23, #665] server.security.SecurityFilter: User authentication failed

 

Issue/Introduction

OpenId Connect authentication fails with "Error calling the Token Endpoint: invalid_client"

Resolution

To resolve this, add the correct "redirect URL" or "return endpoint URL" for your TIBCO Spotfire Server to the identity provider configuration (the "identity provider" is the third-party authentication provider, such as Google, Azure or Yahoo).

The correct redirect URL has the form http://<spotfireservername>/spotfire/auth/oidc/authenticate and is shown in the TIBCO Spotfire Server Configuration Tool here:
  • TIBCO Spotfire Server Configuration Tool > Configuration tab > OpenID Connect > Return endpoint
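
A check to run before editing the identity provider, added here as an example that is not part of the original article or TIBCO's code: it pulls the AADSTS code out of the log entry shown in the Description and reports which URL component keeps each registered reply URL from matching the return endpoint. It assumes the identity provider compares redirect URIs by exact string match; the function names, the host name spotfire.example.com and the registered list are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Error text as it appears in the Spotfire Server log excerpt on this page.
TOKEN_ERROR = re.compile(
    r"Error calling the Token Endpoint: invalid_client, "
    r"error_description: (AADSTS\d+)")

def token_error_code(log_text):
    """Return the AADSTS code from an invalid_client log entry, or None."""
    m = TOKEN_ERROR.search(log_text)
    return m.group(1) if m else None

def diagnose_redirect_uri(return_endpoint, registered_uris):
    """Return (matched, report); report maps each registered URI to the
    components that keep it from exactly matching return_endpoint."""
    if return_endpoint in registered_uris:  # assumption: IdP matches exactly
        return True, {}
    sent = urlsplit(return_endpoint)
    report = {}
    for uri in registered_uris:
        reg = urlsplit(uri)
        diffs = []
        for part in ("scheme", "netloc", "path", "query"):
            a, b = getattr(reg, part), getattr(sent, part)
            if a == b:
                continue
            if a.lower() == b.lower():
                diffs.append(f"{part}: differs only in letter case")
            elif part == "path" and a.rstrip("/") == b.rstrip("/"):
                diffs.append("path: differs only by a trailing slash")
            else:
                diffs.append(f"{part}: {a!r} registered, {b!r} sent")
        report[uri] = diffs or ["differs outside scheme, host, path and query"]
    return False, report

if __name__ == "__main__":
    # Constructed values: the host name and registered list are placeholders.
    endpoint = "https://spotfire.example.com/spotfire/auth/oidc/authenticate"
    registered = [
        "http://spotfire.example.com/spotfire/auth/oidc/authenticate",
        "https://spotfire.example.com/spotfire/auth/oidc/authenticate/",
        "https://spotfire.example.com/Spotfire/auth/oidc/authenticate",
    ]
    ok, report = diagnose_redirect_uri(endpoint, registered)
    for uri, diffs in report.items():
        print(uri, "->", "; ".join(diffs))
```

Paste the Return endpoint value from the Configuration Tool as the first argument and the reply URLs copied from the identity provider as the second.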

Additional Information

Doc: Configuring OpenID Connect