Article - CS408429
On Windchill configured with SSO, after entering credentials on Idp, user is redirected back to Ping Federate authentication page instead of Windchill page
Modified: 08-Jan-2024
Applies To
- Windchill PDMLink 12.0
Description
Error message below reported in Ping Federate server.log :
SAML response contains :
(reference# AOSUWFYH) Response contains no valid assertions: [ Assertion (id128228069944992771387827234) Status: INVALID Remarks: Assertion audience condition validation failed, expecting <name> or a SAML v1.x Assertion Consumer Service URL with the same hostname as the base URL (https://<PF_FQDN>-pingfed-runtime.cloud.thingworx.com) in all audience restriction conditions.]. InMessageContext
SAML response contains :
… <saml2:AudienceRestriction><saml2:Audience>NAME</saml2:Audience></saml2:AudienceRestriction>
This is a printer-friendly version of Article 408429 and may be out of date. For the latest version click CS408429