Windchill commands fail with HTTP response code: 403 on SSO enabled Windchill
Applies To
- Windchill PDMLink 11.0 to 12.1
Description
- Windchill is configured with proxy web server and Windchill commands fail on SSO enable
-
The following error thrown on the screen when running windchill --javaargs="-Dwt.auth.trustedAuth.username=<username>" wt.auth.Authentication to diagnose :
DEBUG wt.httpgw.HTTPLogin - Opening URL connection to https://<hostname>/Windchill/trustedAuth/servlet/WindchillAuthGW/wt.httpgw.HTTPAuthentication/login?wt.effectiveUid=<username>
DEBUG wt.httpgw.HTTPLogin - Unexpected content type: text/html;charset=UTF-8
DEBUG wt.httpgw.HTTPLogin - Failed to get input stream from connection
java.io.IOException: Server returned HTTP response code: 403 for URL: https://<hostname>/Windchill/trustedAuth/servlet/WindchillAuthGW/wt.httpgw.HTTPAuthentication/login?wt.effectiveUid=<username>
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:490) ~[?:?]
at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1974) ~[?:?]
at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1969) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1968) ~[?:?]
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1536) ~[?:?]
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520) ~[?:?]
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:250) ~[?:?]
at wt.httpgw.HTTPLogin.init(HTTPLogin.java:334) [codebase/:?]
at wt.method.RemoteMethodServer.initAuthenticator(RemoteMethodServer.java:1064) [codebase/:?]
at wt.method.RemoteMethodServer.handleAuthenticationException(RemoteMethodServer.java:1043) [codebase/:?]
at wt.method.RemoteMethodServer.invoke(RemoteMethodServer.java:907) [codebase/:?]
at wt.auth.Authentication.getUserName(Authentication.java:68) [codebase/:?]
at wt.auth.Authentication.main(Authentication.java:235) [codebase/:?]
Caused by: java.io.IOException: Server returned HTTP response code: 403 for URL: https://<hostname>/Windchill/trustedAuth/servlet/WindchillAuthGW/wt.httpgw.HTTPAuthentication/login?wt.effectiveUid=<username>
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1924) ~[?:?]
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520) ~[?:?]
at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:3114) ~[?:?]
at java.net.URLConnection.getContentType(URLConnection.java:519) ~[?:?]
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getContentType(HttpsURLConnectionImpl.java:402) ~[?:?]
at wt.httpgw.HTTPLogin.init(HTTPLogin.java:330) ~[codebase/:?]
... 5 more
DEBUG wt.httpgw.HTTPLogin - HTTP login failed: java.io.IOException: https://<hostname>/Windchill/trustedAuth/servlet/WindchillAuthGW/wt.httpgw.HTTPAuthentication/login?wt.effectiveUid=<username>: HTTP response 403, 403
java.io.IOException: https://<hostname>/Windchill/trustedAuth/servlet/WindchillAuthGW/wt.httpgw.HTTPAuthentication/login?wt.effectiveUid=<username>: HTTP response 403, 403
at wt.httpgw.HTTPLogin.init(HTTPLogin.java:349) [codebase/:?]
at wt.method.RemoteMethodServer.initAuthenticator(RemoteMethodServer.java:1064) [codebase/:?]
at wt.method.RemoteMethodServer.handleAuthenticationException(RemoteMethodServer.java:1043) [codebase/:?]
at wt.method.RemoteMethodServer.invoke(RemoteMethodServer.java:907) [codebase/:?]
at wt.auth.Authentication.getUserName(Authentication.java:68) [codebase/:?]
at wt.auth.Authentication.main(Authentication.java:235) [codebase/:?]
wt.util.WTRemoteException: Unable to invoke remote method; nested exception is:
wt.method.AuthenticationException
at wt.method.RemoteMethodServer.invoke(RemoteMethodServer.java:918)
at wt.auth.Authentication.getUserName(Authentication.java:68)
at wt.auth.Authentication.main(Authentication.java:235)
-
In methodserver.log , it throws the following error message :
ERROR [ajp-nio-127.0.0.1-8010-exec-1] wt.httpgw.filter.TrustedAuthFilter - TrustedAuthFilter: Attempt to set effective user to ' <username>' from untrusted host '<ip address>'
- Unable to get CSFR token. HTML error as below
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></meta>
<title>Windchill Error</title>
</head>
<body>
<!-- General purpose Windchill error page, /wtcore/error.jsp -->
<h1>Windchill Error</h1>
<p style="font-size: large">Contact your administrator for assistance.
Information for their reference follows.</p>
<table>
<tbody>
<tr>
<td colspan="2">
<hr></hr>
</td>
</tr>
<tr valign="top">
<th align="right" scope="row">Request Id:</th>
<td></td>
</tr>
<tr valign="top">
<th align="right" scope="row">Request URI:</th>
<td>/Windchill/servlet/odata/PTC/GetCSRFToken()</td>
</tr>
<tr valign="top">
<th align="right" scope="row">Query String:</th>
<td></td>
</tr>
<tr valign="top">
<th align="right" scope="row">Status Code:</th>
<td>403</td>
</tr>
<tr valign="top">
<th align="right" scope="row">Message:</th>
<td>Client not trusted</td>
</tr>
<tr>
<td colspan="2">
<hr></hr>
</td>
</tr>
</tbody>
</table>
<p style="font-style: italic; font-size: small">Current Time: 2023-01-03 10:25:26.952 -0500</p>
</body>
</html>