TIBCO Spotfire Server fails to start to authenticate against OpenID Connect with error message 'No 'code' parameter given'
Article ID: KB0076305
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | 7.8 and higher |
Description
You may see the following error message in the Admin UI when OpenID Connect authentication is enabled on the TIBCO Spotfire Server with Okta as Identity Provider.
'Could not login, contact your administrator'
Below error message can be seen in server.log:
WARN 2019-11-08T16:42:12,951+0000 [unknown, #50, #9048] auth.oidc.OidcAuthenticator: OpenID Connect authentication failed
com.spotfire.server.security.auth.oidc.OidcException: No 'code' parameter given
at com.spotfire.server.security.auth.oidc.OidcAuthenticator.authenticate(OidcAuthenticator.java:306) ~[spotfire-server.jar:?]
at com.spotfire.server.security.AuthenticationManager.doAuthenticate(AuthenticationManager.java:406) ~[spotfire-server.jar:?]
at com.spotfire.server.security.AuthenticationManager.authenticateNonAnonymously(AuthenticationManager.java:356) ~[spotfire-server.jar:?]
at com.spotfire.server.security.AuthenticationManager.authenticateFrontend(AuthenticationManager.java:221) ~[spotfire-server.jar:?]
at com.spotfire.server.security.AuthenticationManager.authenticate(AuthenticationManager.java:205) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter$AuthenticationFilter.attemptAuthentication(SecurityFilter.java:444) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter$AuthenticationFilter.doFilter(SecurityFilter.java:241) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter$InternalFilter.doFilter(SecurityFilter.java:978) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter$InternalFilterChain.doFilter(SecurityFilter.java:1007) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter$UserDataConstraintFilter.doFilter(SecurityFilter.java:852) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter$InternalFilter.doFilter(SecurityFilter.java:978) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter$InternalFilterChain.doFilter(SecurityFilter.java:1007) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter$ConnectorFilter.doFilter(SecurityFilter.java:812) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter$InternalFilter.doFilter(SecurityFilter.java:978) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter$InternalFilterChain.doFilter(SecurityFilter.java:1007) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter.doFilter(SecurityFilter.java:159) ~[spotfire-server.jar:?]
.......
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) ~[catalina.jar:9.0.17]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) ~[tomcat-coyote.jar:9.0.17]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) ~[tomcat-coyote.jar:9.0.17]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834) ~[tomcat-coyote.jar:9.0.17]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415) ~[tomcat-coyote.jar:9.0.17]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote.jar:9.0.17]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_201]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_201]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:9.0.17]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_201]
'Could not login, contact your administrator'
Below error message can be seen in server.log:
WARN 2019-11-08T16:42:12,951+0000 [unknown, #50, #9048] auth.oidc.OidcAuthenticator: OpenID Connect authentication failed
com.spotfire.server.security.auth.oidc.OidcException: No 'code' parameter given
at com.spotfire.server.security.auth.oidc.OidcAuthenticator.authenticate(OidcAuthenticator.java:306) ~[spotfire-server.jar:?]
at com.spotfire.server.security.AuthenticationManager.doAuthenticate(AuthenticationManager.java:406) ~[spotfire-server.jar:?]
at com.spotfire.server.security.AuthenticationManager.authenticateNonAnonymously(AuthenticationManager.java:356) ~[spotfire-server.jar:?]
at com.spotfire.server.security.AuthenticationManager.authenticateFrontend(AuthenticationManager.java:221) ~[spotfire-server.jar:?]
at com.spotfire.server.security.AuthenticationManager.authenticate(AuthenticationManager.java:205) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter$AuthenticationFilter.attemptAuthentication(SecurityFilter.java:444) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter$AuthenticationFilter.doFilter(SecurityFilter.java:241) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter$InternalFilter.doFilter(SecurityFilter.java:978) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter$InternalFilterChain.doFilter(SecurityFilter.java:1007) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter$UserDataConstraintFilter.doFilter(SecurityFilter.java:852) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter$InternalFilter.doFilter(SecurityFilter.java:978) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter$InternalFilterChain.doFilter(SecurityFilter.java:1007) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter$ConnectorFilter.doFilter(SecurityFilter.java:812) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter$InternalFilter.doFilter(SecurityFilter.java:978) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter$InternalFilterChain.doFilter(SecurityFilter.java:1007) ~[spotfire-server.jar:?]
at com.spotfire.server.security.SecurityFilter.doFilter(SecurityFilter.java:159) ~[spotfire-server.jar:?]
.......
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) ~[catalina.jar:9.0.17]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) ~[tomcat-coyote.jar:9.0.17]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) ~[tomcat-coyote.jar:9.0.17]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834) ~[tomcat-coyote.jar:9.0.17]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415) ~[tomcat-coyote.jar:9.0.17]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote.jar:9.0.17]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_201]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_201]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:9.0.17]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_201]
Issue/Introduction
This article will help resolve the issue when an error "No 'code' parameter given" is seen in server.log
Resolution
The reason why it returned "No code parameter" is due to the prompt parameter value set in OpenID configuration. Setting prompt parameter with the value 'none' means that there is no active session from Identity Provider side (the End-User is not already Authenticated in Okta) to authenticate silently.
If you want to use the 'none' parameter then you should ensure to establish the session in Okta and then login with Spotfire. If not, you can change the parameter to 'login' so that the Spotfire Server attempts to Authenticate the End-User even if the End-User is already authenticated.
<auth-request-prompt-value>none</auth-request-prompt-value>
If you want to use the 'none' parameter then you should ensure to establish the session in Okta and then login with Spotfire. If not, you can change the parameter to 'login' so that the Spotfire Server attempts to Authenticate the End-User even if the End-User is already authenticated.
<auth-request-prompt-value>login</auth-request-prompt-value>
Additional Information
Doc: Advanced OpenID Connect Settings
Feedback
Yes
No
Powered by
