                        
Article ID: KB0079100
                        
                    
                    
                    
                 
                
                        
                            
Description
                        
                        
OpenID Connect authentication fails with the following error when the "redirect_uri" does not match the one set in the "Identity Provider", or when the "redirect_uri" has not been added to the list of reply URLs:

DEBUG 2019-02-27T19:22:32,750-0500 [unknown, #23, #665] server.security.AuthenticationManager: Attempting authentication using the OpenID Connect authenticator
WARN 2019-02-27T19:22:33,249-0500 [unknown, #23, #665] auth.oidc.OidcAuthenticator: OpenID Connect authentication failed
com.spotfire.server.security.auth.oidc.OidcException: Error calling the Token Endpoint: invalid_client, error_description: AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: 'bbb39fcb-bda7-42cb-8263-1ecc2533429a'.
Trace ID: a4d9adf4-f946-47a3-8bd5-8c5a61f00800
Correlation ID: 69c7f217-4f67-49fa-b165-0cd58a0e8c57
Timestamp: 2019-02-28 00:22:13Z
    at com.spotfire.server.security.auth.oidc.OidcAuthenticator.handleTokenEndpointError(OidcAuthenticator.java:511) ~[server.jar:?]
    at com.spotfire.server.security.auth.oidc.OidcAuthenticator.callTokenEndpoint(OidcAuthenticator.java:481) ~[server.jar:?]
    at com.spotfire.server.security.auth.oidc.OidcAuthenticator.authenticate(OidcAuthenticator.java:306) ~[server.jar:?]
    at com.spotfire.server.security.AuthenticationManager.doAuthenticate(AuthenticationManager.java:394) ~[server.jar:?]
    .......................
Caused by: org.springframework.web.client.HttpClientErrorException: 400 Bad Request
    at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91) ~[spring-web.jar:4.3.7.RELEASE]
    at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:700) ~[spring-web.jar:4.3.7.RELEASE]
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:653) ~[spring-web.jar:4.3.7.RELEASE]
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:613) ~[spring-web.jar:4.3.7.RELEASE]
    at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:531) ~[spring-web.jar:4.3.7.RELEASE]
    at com.spotfire.server.security.auth.oidc.OidcAuthenticator.callTokenEndpoint(OidcAuthenticator.java:468) ~[server.jar:?]
    ... 74 more
DEBUG 2019-02-27T19:22:33,281-0500 [unknown, #23, #665] server.security.SecurityFilter: User authentication failed
      
                         
                     
                    
                    
                    
                    
                        
                            
                                
Resolution
                            
                            
To resolve this, add the correct "redirect URL" or "return endpoint URL" for your TIBCO Spotfire Server to the Identity Provider configuration (the "identity provider" is the third-party authentication provider, such as Google, Azure, Yahoo, etc.).
The correct redirect URL looks like http://<spotfireservername>/spotfire/auth/oidc/authenticate and can be found in the TIBCO Spotfire Server Configuration Tool here:
   - TIBCO Spotfire Server Configuration Tool > Configuration tab > OpenID Connect > Return endpoint
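
To see why a return endpoint is rejected before editing the Identity Provider configuration, the sketch below compares it with the registered reply URLs and names the part that differs. It is an added example, not TIBCO or Microsoft code; it assumes the exact string comparison that OpenID Connect Core requires for redirect_uri, and the host name and registered list are constructed sample values.

```python
from urllib.parse import urlsplit

def explain_mismatch(sent, registered):
    """List the URL parts in which `sent` differs from one registered reply URL."""
    s, r = urlsplit(sent), urlsplit(registered)
    diffs = []
    if s.scheme != r.scheme:
        diffs.append("scheme")
    if s.hostname != r.hostname:
        diffs.append("host")
    if s.port != r.port:
        diffs.append("port")
    if s.path != r.path:
        if s.path.rstrip("/") == r.path.rstrip("/"):
            diffs.append("trailing slash")
        elif s.path.lower() == r.path.lower():
            diffs.append("path case")
        else:
            diffs.append("path")
    if s.query != r.query:
        diffs.append("query")
    # urlsplit lower-cases scheme and host, so a case-only difference there
    # (or a userinfo/fragment difference) is reported by this fallback.
    return diffs or ["other (scheme/host letter case, userinfo or fragment)"]

def check_return_endpoint(sent, registered_urls):
    """Return (ok, report); report maps each registered URL to its differences."""
    if sent in registered_urls:  # exact string comparison, no normalization
        return True, {}
    return False, {reg: explain_mismatch(sent, reg) for reg in registered_urls}

# Constructed sample values: the host name is hypothetical; the path is the
# return endpoint path given in the article.
RETURN_ENDPOINT = "http://spotfire.example.com/spotfire/auth/oidc/authenticate"
REGISTERED = [
    "https://spotfire.example.com/spotfire/auth/oidc/authenticate",
    "http://spotfire.example.com/spotfire/auth/oidc/authenticate/",
    "http://spotfire.example.com/Spotfire/auth/oidc/authenticate",
]

if __name__ == "__main__":
    ok, report = check_return_endpoint(RETURN_ENDPOINT, REGISTERED)
    print("exact match" if ok else "no exact match")
    for url, diffs in report.items():
        print(f"  {url}: differs in {', '.join(diffs)}")
```

Copy the Return endpoint value from the Configuration Tool into RETURN_ENDPOINT and the Identity Provider's reply URLs into REGISTERED to run it against a real configuration.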
 
  
                             
                        
                    
                        
                            
                                
Issue/Introduction
                            
                            
OpenID Connect authentication fails with "Error calling the Token Endpoint: invalid_client"