Windows NT authentication users fail to login. Error: "server.security.PostAuthenticationFilterImpl: Denying access, the user principal ... is currently not enabled."
Article ID: KB0081291
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | All Versions |
Description
Sometimes users are not able to login to Spotfire with Windows NT authentication, with the below error in Spotfire server logs :
=========
server.security.PostAuthenticationFilterImpl: Denying access, the user principal 'abc@company.com' is currently not enabled
server.security.AuthenticationManager: Backend authentication blocked by the Post Authentication Filter
server.security.SecurityFilter: User authentication failed
==========
Due to any network communication issue in the environment, the users gets disabled and not able to sync in Spotfire. So when users are enabled manually and Spotfire server is restarted it works fine but again the users gets disabled after sometime.This is a default behavior and may result in denying logins for users who try to access Spotfire before the synchronization is completed.
=========
server.security.PostAuthenticationFilterImpl: Denying access, the user principal 'abc@company.com' is currently not enabled
server.security.AuthenticationManager: Backend authentication blocked by the Post Authentication Filter
server.security.SecurityFilter: User authentication failed
==========
Due to any network communication issue in the environment, the users gets disabled and not able to sync in Spotfire. So when users are enabled manually and Spotfire server is restarted it works fine but again the users gets disabled after sometime.This is a default behavior and may result in denying logins for users who try to access Spotfire before the synchronization is completed.
Issue/Introduction
Login in Spotfire with Windows NT authentication fails with error.: server.security.PostAuthenticationFilterImpl: Denying access, the user principal 'abc@company.com' is currently not enabled.
Resolution
Enable 'safe synchronization' in the Spotfire Server configuration:
- On the Spotfire Server, launch and login to the Spotfire Server Configuration Tool.
- From the 'System Status > Specify Configuration' option, use the 'Export configuration from database' to export the latest server configuration.
- Open the configuration.xml file in a text editor.
- Locate the safe-synchronization element in this configuration file.
Example:
<safe-synchronization>false</safe-synchronization>
- Set the value to true to enable safe synchronization.
Example:
<safe-synchronization>true</safe-synchronization>
- Save the configuration file.
- Load this modified configuration.xml file using the Spotfire Server configuration tool (System Status > Specify Configuration > Load configuration from file).
- Save this configuration to the database (Configuration > Save configuration).
- Restart the Spotfire Server Service.
Note: Once you restart the Spotfire Server service, make sure to allow enough time for the Windows NT synchronization to complete. The time to complete a synchronization depends on how many users you are trying to sync. For the Safe-synchronization to work, the synchronization has to be completed at least once. If you try logging in before the sync is completed, you may get the same error.
- On the Spotfire Server, launch and login to the Spotfire Server Configuration Tool.
- From the 'System Status > Specify Configuration' option, use the 'Export configuration from database' to export the latest server configuration.
- Open the configuration.xml file in a text editor.
- Locate the safe-synchronization element in this configuration file.
Example:
<safe-synchronization>false</safe-synchronization>
- Set the value to true to enable safe synchronization.
Example:
<safe-synchronization>true</safe-synchronization>
- Save the configuration file.
- Load this modified configuration.xml file using the Spotfire Server configuration tool (System Status > Specify Configuration > Load configuration from file).
- Save this configuration to the database (Configuration > Save configuration).
- Restart the Spotfire Server Service.
Note: Once you restart the Spotfire Server service, make sure to allow enough time for the Windows NT synchronization to complete. The time to complete a synchronization depends on how many users you are trying to sync. For the Safe-synchronization to work, the synchronization has to be completed at least once. If you try logging in before the sync is completed, you may get the same error.
Additional Information
https://docs.tibco.com/pub/spotfire_server/7.13.0/doc/html/TIB_sfire_server_tsas_admin_help/GUID-68D63795-CA4D-4CD3-B34E-F141D454F94D.html
Feedback
Yes
No
Powered by
