Article - CS288004
"Authentication statement is too old to be used with value <Date Time>" is seen in the SecurityLog and some Users are not able to access ThingWorx Platform via Single Sign-On (SSO)
Modified: 01-May-2025
Applies To
- ThingWorx Platform 8.0 to 9.7
- Windchill Navigate (formerly ThingWorx Navigate) 8.5.0 to 9.7
Description
- Unable to login to ThingWorx Composer with error after configuring Single Sign-On (SSO):
The system is currently encountering an authentication configuration error. Close the browser and try to login again. If the problem persists, contact your system administrator. - Users have to clear browser cache to be able to access ThingWorx Platform via SSO
- ThingWorx PingFederate SSO login doesn't work and requires browser cache to be cleared very often
- Enabled Keep me signed in (KMSI) option in Azure and now ThingWorx users cannot sign into Composer via SSO
- SecurityLog.log located in <ThingworxStorage>\logs reports following error:
[L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ] [S: ] [P: ] [T: https-openssl-nio-443-exec-6] [ Error validating SAML message ][ Response doesn't have any valid assertion which would pass subject validation ][ Authentication statement is too old to be used with value <Date Time> ]
This is a printer-friendly version of Article 288004 and may be out of date. For the latest version click CS288004