技术文章 - CS393969
收到错误页面“系统当前遇到身份验证配置错误”。使用 ADFS 配置 ThingWorx Navigate SSO 后
已修改: 21-Mar-2024
适用于
- Windchill Navigate (formerly ThingWorx Navigate) 9.3 to 9.4
- PingFederate
- Microsoft Active Directory Federation Services (AD FS)
说明
- 使用 ADFS 配置 ThingWorx Navigate SSO 后出现以下错误
The system is currently encountering an authentication configuration error. Close the browser and try to login again. If the problem persists, contact your system administrator.
PingFederate server.log报告以下错误:
2023-06-01 10:35:58,886 tid:hpyFRPQwc4gvcRKxwcgCceunw7o ERROR [org.sourceid.saml20.profiles.sp.HandleAuthnResponse] Unexpected exception occurred in Response Handling: Connection contract attribute mapping produced empty result.
ThingWorx AuthLog报告以下内容:
2023-06-01 10:35:58.944+0000 [L: INFO] [O: o.s.s.s.l.SAMLDefaultLogger] [I: ] [U: ] [S: ] [P: ] [T: https-openssl-nio-8443-exec-3] AuthNResponse;FAILURE;127.0.0.1;TWX_SP;wnc1212-pf;;; org.opensaml.common.SAMLException: Response has invalid status code urn:oasis:names:tc:SAML:2.0:status:Responder, status message is Unexpected exception occurred in Response Handling: Connection contract attribute mapping produced empty result. __ at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:113)__ at com.ptc.eauth.identity.saml2.PTCWebSSOProfileConsumerImpl.processAuthenticationResponse(PTCWebSSOProfileConsumerImpl.java:25)__ at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:88)__ at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182)__ at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:92)__ at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:223)__ at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:213)__ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)__ at org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter.doFilter(OAuth2ClientContextFilter.java:64)__ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)__ at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)__ at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)__ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)__ at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87)__ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)__ at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:221)__ at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186)__ at com.thingworx.security.authentication.sso.ThingworxSSOAuthenticator.authenticate(ThingworxSSOAuthenticator.java:898)__ at com.thingworx.security.authentication.sso.ThingworxSSOAuthenticator.validateAuthenticationRequest(ThingworxSSOAuthenticator.java:1514)__ at jdk.internal.reflect.GeneratedMethodAccessor52.invoke(Unknown Source)__ at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)__ at java.base/java.lang.reflect.Method.invoke(Method.java:566)__ at com.thingworx.security.authentication.AuthenticationUtilities.validateSSOAuthenticationRequest(AuthenticationUtilities.java:700)__ at com.thingworx.security.authentication.AuthenticationUtilities.validateAuthenticationRequest(AuthenticationUtilities.java:649)__ at com.thingworx.security.authentication.AuthenticationFilter.authenticate(AuthenticationFilter.java:504)__ at com.thingworx.security.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:262)__ at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__ at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__ at com.thingworx.security.contenttype.ContentTypeFilter.doFilter(ContentTypeFilter.java:143)__ at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__ at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__ at com.thingworx.security.filter.ValidationFilter.doFilter(ValidationFilter.java:22)__ at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__ at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__ at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176)__ at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)__ at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)__ at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:389)__ at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__ at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__ at com.thingworx.security.filter.ClickjackFilter.doFilter(ClickjackFilter.java:298)__ at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__ at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__ at com.thingworx.security.filter.HttpResponseHeadersFilter.doFilter(HttpResponseHeadersFilter.java:172)__ at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__ at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__ at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)__ at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)__ at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:607)__ at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)__ at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)__ at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:673)__ at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)__ at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)__ at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:389)__ at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)__ at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926)__ at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791)__ at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)__ at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)__ at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)__ at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)__ at java.base/java.lang.Thread.run(Thread.java:829)__ 2023-06-01 10:38:38.868+0000 [L: INFO] [O: o.s.s.s.l.SAMLDefaultLogger] [I: ] [U: ] [S: ] [P: ] [T: https-openssl-nio-8443-exec-8] AuthNRequest;SUCCESS;127.0.0.1;TWX_SP;wnc1212-pf;;
- 注:以上信息中的以下字符串仅在PTC测试环境中使用
- wnc1212.tsdevtest.ptc.com
- WNC1212-pf
- TWX_SP
这是文章 393969 的 PDF 版本,可能已过期。最新版本 CS393969