Technical Article - CS419861
Unable to log in to SSO-enabled ThingWorx; SecurityLog shows a "Message not found in session" error
Modified: 10-Jun-2024
Applies To
- ThingWorx Platform 9.2
Description
- Unable to log in to ThingWorx with SSO enabled; the browser displays an error
After enabling SSO, the following error is shown when trying to access the application: "The system is currently encountering an authentication configuration error. Close the browser and try to login again. If the problem persists, contact your system administrator."
- When attempting to log in using SSO, AuthLog.log throws the following error
[O: o.s.s.s.l.SAMLDefaultLogger] [I: ] [U: ???] [S: ] [P: ] [T: https-openssl-nio-8443-exec-1] AuthNResponse;FAILURE;30.22.9.64;TWX_SP;GlobalShopFloorToolsDev5;09236890;;org.opensaml.common.SAMLException: InResponseToField of the Response doesn't correspond to sent message a5c51f32d30ja98316086g7ac4c4idd__ at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:139)__ at com.ptc.eauth.identity.saml2.PTCWebSSOProfileConsumerImpl.processAuthenticationResponse(PTCWebSSOProfileConsumerImpl.java:25)__ at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:88)__ at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175)__ at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:92)__ at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)__ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)__ at org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter.doFilter(OAuth2ClientContextFilter.java:60)__ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)__ at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)__ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)__ at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87)__ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)__ at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)__ at 
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)__ at com.thingworx.security.authentication.sso.ThingworxSSOAuthenticator.authenticate(ThingworxSSOAuthenticator.java:849)__ at com.thingworx.security.authentication.sso.ThingworxSSOAuthenticator.validateAuthenticationRequest(ThingworxSSOAuthenticator.java:1382)__ at jdk.internal.reflect.GeneratedMethodAccessor80.invoke(Unknown Source)__ at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)__ at java.base/java.lang.reflect.Method.invoke(Method.java:566)__ at com.thingworx.security.authentication.AuthenticationUtilities.validateSSOAuthenticationRequest(AuthenticationUtilities.java:664)__ at com.thingworx.security.authentication.AuthenticationUtilities.validateAuthenticationRequest(AuthenticationUtilities.java:619)__ at com.thingworx.security.authentication.AuthenticationFilter.authenticate(AuthenticationFilter.java:477)__ at com.thingworx.security.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:248)__ at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__ at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__ at com.thingworx.security.contenttype.ContentTypeFilter.doFilter(ContentTypeFilter.java:138)__ at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__ at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__ at com.thingworx.security.filter.ValidationFilter.doFilter(ValidationFilter.java:22)__ at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__ at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__ at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176)__ at 
org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)__ at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)__ at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:389)__ at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__ at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__ at com.thingworx.security.filter.ClickjackFilter.doFilter(ClickjackFilter.java:208)__ at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__ at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__ at com.thingworx.security.filter.HttpResponseHeadersFilter.doFilter(HttpResponseHeadersFilter.java:172)__ at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__ at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__ at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168)__ at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)__ at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)__ at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)__ at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)__ at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:670)__ at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)__ at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:346)__ at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390)__ at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)__ at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:928)__ at 
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1794)__ at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)__ at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)__ at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)__ at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)__ at java.base/java.lang.Thread.run(Thread.java:829)__
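- SecurityLog.log shows two different session IDs for the same encoded message: the message is stored in one session, but ThingWorx tries to find it in a different session, so the error reports that the encoded message does not correspond to the response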
[O: o.s.s.s.s.HttpSessionStorage] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-8080-exec-2] Storing message a3g6af8d578c80181e90ib9j0062435 to session 8B11EBBC8018067E70F0939840DFBCED [O: o.o.s.b.d.HTTPPostDecoder] [I: ] [U: ???] [S: ] [P: ] [T: https-openssl-nio-8443-exec-23] Decoded SAML message:_<samlp:Response Version="2.0" ID="SQHPq3nlwX1hy2TvcFge9yCB9Et" IssueInstant="2024-05-28T12:56:43.374Z" InResponseTo="a3g6af8d578c80181e90ib9j0062435" Destination="https://t01wap11525.corp.pep.tst:8443/Thingworx/saml/SSO" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">GlobalShopFloorToolsDev5</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#SQHPq3nlwX1hy2TvcFge9yCB9Et"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>cqx6aA4yX/Qfy/11xwD/Wf3JvbY4dCg/0k2Sb6qGxWw=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>f8PkVrArQlLS/jKDRykLegkXmjL+qpAEy9k/OBjPQUnixJxWbjJa5Ldvf7aRVE6YP3BE8EPxBcCZMVKN34uFXo90CHuWxL+UQxkeLh/KWl+nWSpsx6SIK0MxTThP3jhSswM/76HQl2SCsn2M2dp2saJLyBTEd/AaUeBnnQ0oKD7KnS2TZ1TkhjFzV+KxuB+jKr6OV0C7IB6i6yUm/bwfcsQ4321PRVX4zmHBcEZLRo4CTbmkytaMtz74HDMMYfHL+Gnh/FSOrUsNOWryDh1IuGLcowx5ZUKz8ld5g0x8XRZ83PTH02tVWx/jys5Z1fYw9zU+eYIstY2qlYlT7thFPA==</ds:SignatureValue></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey><xenc:En ... [O: o.o.w.m.d.BaseMessageDecoder] [I: ] [U: ???] [S: ] [P: ] [T: https-openssl-nio-8443-exec-23] Resultant DOM message was:_<?xml version="1.0" encoding="UTF-8"?><samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://t01wap11525.corp.pep.tst:8443/Thingworx/saml/SSO" ID="SQHPq3nlwX1hy2TvcFge9yCB9Et" InResponseTo="a3g6af8d578c80181e90ib9j0062435" IssueInstant="2024-05-28T12:56:43.374Z" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">GlobalShopFloorToolsDev5</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#SQHPq3nlwX1hy2TvcFge9yCB9Et"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>cqx6aA4yX/Qfy/11xwD/Wf3JvbY4dCg/0k2Sb6qGxWw=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>f8PkVrArQlLS/jKDRykLegkXmjL+qpAEy9k/OBjPQUnixJxWbjJa5Ldvf7aRVE6YP3BE8EPxBcCZMVKN34uFXo90CHuWxL+UQxkeLh/KWl+nWSpsx6SIK0MxTThP3jhSswM/76HQl2SCsn2M2dp2saJLyBTEd/AaUeBnnQ0oKD7KnS2TZ1TkhjFzV+KxuB+jKr6OV0C7IB6i6yUm/bwfcsQ4321PRVX4zmHBcEZLRo4CTbmkytaMtz74HDMMYfHL+Gnh/FSOrUsNOWryDh1IuGLcowx5ZUKz8ld5g0x8XRZ83PTH02tVWx/jys5Z1fYw9zU+eYIstY2qlYlT7thFPA==</ds:SignatureValue></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><xenc:EncryptedData 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org ... [O: o.s.s.s.s.HttpSessionStorage] [I: ] [U: ???] [S: ] [P: ] [T: https-openssl-nio-8443-exec-23] Message a3g6af8d578c80181e90ib9j0062435 not found in session 60D481146A1C733E6C6D8AD5FB58EC26 [O: o.s.s.s.l.SAMLDefaultLogger] [I: ] [U: ???] [S: ] [P: ] [T: https-openssl-nio-8443-exec-23] AuthNResponse;FAILURE;30.22.9.64;TWX_SP;GlobalShopFloorToolsDev5;09236890;;org.opensaml.common.SAMLException: InResponseToField of the Response doesn't correspond to sent message a3g6af8d578c80181e90ib9j0062435__ at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:139)__ at com.ptc.eauth.identity.saml2.PTCWebSSOProfileConsumerImpl.processAuthenticationResponse(PTCWebSSOProfileConsumerImpl.java:25)__ at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:88)__ at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175)__ at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:92)__ at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)__ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)__ at org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter.doFilter(OAuth2ClientContextFilter.java:60)__ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)__ at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)__ at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)__ at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87)__ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)__ at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)__ at org.springframewo ... [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: https-openssl-nio-8443-exec-23] [ Error validating SAML message ][ InResponseToField of the Response doesn't correspond to sent message a3g6af8d578c80181e90ib9j0062435 ]
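The session mismatch described above can be confirmed mechanically. The following Python sketch is an added example, not part of the PTC article or of ThingWorx: it pairs each "Storing message" entry with the later "not found in session" entry for the same message ID and reports whether the session ID and the Tomcat connector (taken from the thread name) differ. The sample log is constructed by abbreviating the entries quoted above, and the function and field names are hypothetical.

```python
import re

# Constructed sample: the two HttpSessionStorage entries quoted above, with the
# SAML XML and stack frames omitted. IDs and thread names are the page's own.
SAMPLE_LOG = """\
[O: o.s.s.s.s.HttpSessionStorage] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-8080-exec-2] Storing message a3g6af8d578c80181e90ib9j0062435 to session 8B11EBBC8018067E70F0939840DFBCED
[O: o.s.s.s.s.HttpSessionStorage] [I: ] [U: ???] [S: ] [P: ] [T: https-openssl-nio-8443-exec-23] Message a3g6af8d578c80181e90ib9j0062435 not found in session 60D481146A1C733E6C6D8AD5FB58EC26
"""

# Several entries can share one physical line in the log, so events are
# searched for anywhere in the text instead of line by line.
EVENT = re.compile(
    r"\[T: (?P<thread>[^\]]+)\]\s+"
    r"(?:Storing message (?P<stored>\S+) to session (?P<s_sess>\w+)"
    r"|Message (?P<missing>\S+) not found in session (?P<m_sess>\w+))"
)

def connector(thread):
    """Strip the '-exec-N' worker suffix from a Tomcat thread name."""
    m = re.match(r"(.+)-exec-\d+$", thread)
    return m.group(1) if m else thread

def find_session_mismatches(log_text):
    """Return one finding per 'not found in session' entry."""
    stored = {}    # message ID -> (session ID, connector) that saved it
    findings = []
    for m in EVENT.finditer(log_text):
        conn = connector(m["thread"])
        if m["stored"]:
            stored[m["stored"]] = (m["s_sess"], conn)
            continue
        origin = stored.get(m["missing"])  # None if the store entry is not in this log
        findings.append({
            "message_id": m["missing"],
            "stored_session": origin[0] if origin else None,
            "stored_via": origin[1] if origin else None,
            "lookup_session": m["m_sess"],
            "lookup_via": conn,
            "session_changed": origin is not None and origin[0] != m["m_sess"],
            "connector_changed": origin is not None and origin[1] != conn,
        })
    return findings

if __name__ == "__main__":
    for finding in find_session_mismatches(SAMPLE_LOG):
        print(finding)
```

A finding whose `stored_session` is `None` means the matching "Storing message" entry is outside the log excerpt being analysed, so no comparison is made.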
This is a PDF version of article 419861 and may be out of date. For the latest version, see CS419861.