Got the error page "The system is currently encountering an authentication configuration error." after configuring ThingWorx Navigate SSO with ADFS

• Got the following error after configuring ThingWorx Navigate SSO with ADFS

The system is currently encountering an authentication configuration error.

Close the browser and try to login again. If the problem persists, contact your system administrator.

• PingFederate server.log reports the following error:

  2023-06-01 10:35:58,886 tid:hpyFRPQwc4gvcRKxwcgCceunw7o ERROR [org.sourceid.saml20.profiles.sp.HandleAuthnResponse] Unexpected exception occurred in Response Handling: Connection contract attribute mapping produced empty result.
  

• ThingWorx AuthLog reports the following contents:

2023-06-01 10:35:58.944+0000 [L: INFO] [O: o.s.s.s.l.SAMLDefaultLogger] [I: ] [U: ] [S: ] [P: ] [T: https-openssl-nio-8443-exec-3] AuthNResponse;FAILURE;127.0.0.1;TWX_SP;wnc1212-pf;;;org.opensaml.common.SAMLException: Response has invalid status code urn:oasis:names:tc:SAML:2.0:status:Responder, status message is Unexpected exception occurred in Response Handling: Connection contract attribute mapping produced empty result.__    at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:113)__    at com.ptc.eauth.identity.saml2.PTCWebSSOProfileConsumerImpl.processAuthenticationResponse(PTCWebSSOProfileConsumerImpl.java:25)__    at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:88)__    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182)__    at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:92)__    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:223)__    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:213)__    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)__    at org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter.doFilter(OAuth2ClientContextFilter.java:64)__    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)__    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)__    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)__    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)__    at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87)__    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)__    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:221)__    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186)__    at com.thingworx.security.authentication.sso.ThingworxSSOAuthenticator.authenticate(ThingworxSSOAuthenticator.java:898)__    at com.thingworx.security.authentication.sso.ThingworxSSOAuthenticator.validateAuthenticationRequest(ThingworxSSOAuthenticator.java:1514)__    at jdk.internal.reflect.GeneratedMethodAccessor52.invoke(Unknown Source)__    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)__    at java.base/java.lang.reflect.Method.invoke(Method.java:566)__    at com.thingworx.security.authentication.AuthenticationUtilities.validateSSOAuthenticationRequest(AuthenticationUtilities.java:700)__    at com.thingworx.security.authentication.AuthenticationUtilities.validateAuthenticationRequest(AuthenticationUtilities.java:649)__    at com.thingworx.security.authentication.AuthenticationFilter.authenticate(AuthenticationFilter.java:504)__    at com.thingworx.security.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:262)__    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__    at com.thingworx.security.contenttype.ContentTypeFilter.doFilter(ContentTypeFilter.java:143)__    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__    at com.thingworx.security.filter.ValidationFilter.doFilter(ValidationFilter.java:22)__    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__    at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176)__    at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)__    at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)__    at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:389)__    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__    at com.thingworx.security.filter.ClickjackFilter.doFilter(ClickjackFilter.java:298)__    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__    at com.thingworx.security.filter.HttpResponseHeadersFilter.doFilter(HttpResponseHeadersFilter.java:172)__    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)__    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)__    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:607)__    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)__    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)__    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:673)__    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)__    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)__    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:389)__    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)__    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926)__    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791)__    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)__    at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)__    at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)__    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)__    at java.base/java.lang.Thread.run(Thread.java:829)__
2023-06-01 10:38:38.868+0000 [L: INFO] [O: o.s.s.s.l.SAMLDefaultLogger] [I: ] [U: ] [S: ] [P: ] [T: https-openssl-nio-8443-exec-8] AuthNRequest;SUCCESS;127.0.0.1;TWX_SP;wnc1212-pf;;

• Note: The following strings in the above information are just used in PTC testing environment
  • wnc1212.tsdevtest.ptc.com
  • wnc1212-pf
  • TWX_SP