Article - CS419861
Cannot log in to SSO-enabled ThingWorx. The SecurityLog shows the error "Message not found in session".
Modified: 10-Jun-2024
Applies To
- ThingWorx Platform 9.2
Description
- Unable to log in to ThingWorx with SSO enabled; an error is displayed in the browser
After SSO is enabled, the following error is shown when trying to access the application: "The system is currently encountering an authentication configuration error. Close the browser and try to login again. If the problem persists, contact your system administrator."
- When attempting to log in using SSO, the following error appears in AuthLog.log:
[O: o.s.s.s.l.SAMLDefaultLogger] [I: ] [U: ???] [S: ] [P: ] [T: https-openssl-nio-8443-exec-1] AuthNResponse;FAILURE;30.22.9.64;TWX_SP;GlobalShopFloorToolsDev5;09236890;;org.opensaml.common.SAMLException: InResponseToField of the Response doesn't correspond to sent message a5c51f32d30ja98316086g7ac4c4idd__ at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:139)__ at com.ptc.eauth.identity.saml2.PTCWebSSOProfileConsumerImpl.processAuthenticationResponse(PTCWebSSOProfileConsumerImpl.java:25)__ at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:88)__ at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175)__ at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:92)__ at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)__ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)__ at org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter.doFilter(OAuth2ClientContextFilter.java:60)__ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)__ at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)__ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)__ at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87)__ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)__ at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)__ at 
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)__ at com.thingworx.security.authentication.sso.ThingworxSSOAuthenticator.authenticate(ThingworxSSOAuthenticator.java:849)__ at com.thingworx.security.authentication.sso.ThingworxSSOAuthenticator.validateAuthenticationRequest(ThingworxSSOAuthenticator.java:1382)__ at jdk.internal.reflect.GeneratedMethodAccessor80.invoke(Unknown Source)__ at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)__ at java.base/java.lang.reflect.Method.invoke(Method.java:566)__ at com.thingworx.security.authentication.AuthenticationUtilities.validateSSOAuthenticationRequest(AuthenticationUtilities.java:664)__ at com.thingworx.security.authentication.AuthenticationUtilities.validateAuthenticationRequest(AuthenticationUtilities.java:619)__ at com.thingworx.security.authentication.AuthenticationFilter.authenticate(AuthenticationFilter.java:477)__ at com.thingworx.security.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:248)__ at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__ at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__ at com.thingworx.security.contenttype.ContentTypeFilter.doFilter(ContentTypeFilter.java:138)__ at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__ at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__ at com.thingworx.security.filter.ValidationFilter.doFilter(ValidationFilter.java:22)__ at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__ at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__ at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176)__ at 
org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)__ at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)__ at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:389)__ at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__ at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__ at com.thingworx.security.filter.ClickjackFilter.doFilter(ClickjackFilter.java:208)__ at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__ at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__ at com.thingworx.security.filter.HttpResponseHeadersFilter.doFilter(HttpResponseHeadersFilter.java:172)__ at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)__ at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)__ at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168)__ at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)__ at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)__ at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)__ at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)__ at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:670)__ at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)__ at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:346)__ at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390)__ at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)__ at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:928)__ at 
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1794)__ at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)__ at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)__ at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)__ at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)__ at java.base/java.lang.Thread.run(Thread.java:829)__
- SecurityLog.log shows two different session IDs for a single encoded message. The encoded message is stored in one session, but ThingWorx tries to find it in a different session. As a result, the error indicates that the encoded message does not correspond to the response.
[O: o.s.s.s.s.HttpSessionStorage] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-8080-exec-2] Storing message a3g6af8d578c80181e90ib9j0062435 to session 8B11EBBC8018067E70F0939840DFBCED
[O: o.o.s.b.d.HTTPPostDecoder] [I: ] [U: ???] [S: ] [P: ] [T: https-openssl-nio-8443-exec-23] Decoded SAML message:_<samlp:Response Version="2.0" ID="SQHPq3nlwX1hy2TvcFge9yCB9Et" IssueInstant="2024-05-28T12:56:43.374Z" InResponseTo="a3g6af8d578c80181e90ib9j0062435" Destination="https://t01wap11525.corp.pep.tst:8443/Thingworx/saml/SSO" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">GlobalShopFloorToolsDev5</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#SQHPq3nlwX1hy2TvcFge9yCB9Et"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>cqx6aA4yX/Qfy/11xwD/Wf3JvbY4dCg/0k2Sb6qGxWw=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>f8PkVrArQlLS/jKDRykLegkXmjL+qpAEy9k/OBjPQUnixJxWbjJa5Ldvf7aRVE6YP3BE8EPxBcCZMVKN34uFXo90CHuWxL+UQxkeLh/KWl+nWSpsx6SIK0MxTThP3jhSswM/76HQl2SCsn2M2dp2saJLyBTEd/AaUeBnnQ0oKD7KnS2TZ1TkhjFzV+KxuB+jKr6OV0C7IB6i6yUm/bwfcsQ4321PRVX4zmHBcEZLRo4CTbmkytaMtz74HDMMYfHL+Gnh/FSOrUsNOWryDh1IuGLcowx5ZUKz8ld5g0x8XRZ83PTH02tVWx/jys5Z1fYw9zU+eYIstY2qlYlT7thFPA==</ds:SignatureValue></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey><xenc:En ...
[O: o.o.w.m.d.BaseMessageDecoder] [I: ] [U: ???] [S: ] [P: ] [T: https-openssl-nio-8443-exec-23] Resultant DOM message was:_<?xml version="1.0" encoding="UTF-8"?><samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://t01wap11525.corp.pep.tst:8443/Thingworx/saml/SSO" ID="SQHPq3nlwX1hy2TvcFge9yCB9Et" InResponseTo="a3g6af8d578c80181e90ib9j0062435" IssueInstant="2024-05-28T12:56:43.374Z" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">GlobalShopFloorToolsDev5</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#SQHPq3nlwX1hy2TvcFge9yCB9Et"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>cqx6aA4yX/Qfy/11xwD/Wf3JvbY4dCg/0k2Sb6qGxWw=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>f8PkVrArQlLS/jKDRykLegkXmjL+qpAEy9k/OBjPQUnixJxWbjJa5Ldvf7aRVE6YP3BE8EPxBcCZMVKN34uFXo90CHuWxL+UQxkeLh/KWl+nWSpsx6SIK0MxTThP3jhSswM/76HQl2SCsn2M2dp2saJLyBTEd/AaUeBnnQ0oKD7KnS2TZ1TkhjFzV+KxuB+jKr6OV0C7IB6i6yUm/bwfcsQ4321PRVX4zmHBcEZLRo4CTbmkytaMtz74HDMMYfHL+Gnh/FSOrUsNOWryDh1IuGLcowx5ZUKz8ld5g0x8XRZ83PTH02tVWx/jys5Z1fYw9zU+eYIstY2qlYlT7thFPA==</ds:SignatureValue></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org ...
[O: o.s.s.s.s.HttpSessionStorage] [I: ] [U: ???] [S: ] [P: ] [T: https-openssl-nio-8443-exec-23] Message a3g6af8d578c80181e90ib9j0062435 not found in session 60D481146A1C733E6C6D8AD5FB58EC26
[O: o.s.s.s.l.SAMLDefaultLogger] [I: ] [U: ???] [S: ] [P: ] [T: https-openssl-nio-8443-exec-23] AuthNResponse;FAILURE;30.22.9.64;TWX_SP;GlobalShopFloorToolsDev5;09236890;;org.opensaml.common.SAMLException: InResponseToField of the Response doesn't correspond to sent message a3g6af8d578c80181e90ib9j0062435__ at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:139)__ at com.ptc.eauth.identity.saml2.PTCWebSSOProfileConsumerImpl.processAuthenticationResponse(PTCWebSSOProfileConsumerImpl.java:25)__ at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:88)__ at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175)__ at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:92)__ at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)__ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)__ at org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter.doFilter(OAuth2ClientContextFilter.java:60)__ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)__ at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)__ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)__ at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87)__ at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)__ at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)__ at org.springframewo ...
[O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: https-openssl-nio-8443-exec-23] [ Error validating SAML message ][ InResponseToField of the Response doesn't correspond to sent message a3g6af8d578c80181e90ib9j0062435 ]
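The correlation described above can be automated when triaging SecurityLog.log. The following Python script is an added example, not PTC code: it pairs each "Storing message" entry with the "not found in session" entry for the same message ID and reports both session IDs together with the Tomcat connector thread that logged each one. The function names and the last two sample entries are constructed for illustration.

```python
import re

# One pattern for both HttpSessionStorage events; finditer copes with entries run together on one line.
EVENT = re.compile(
    r"\[T: (?P<thread>[^\]]+)\] "
    r"(?:Storing message (?P<stored_id>\S+) to session (?P<stored_sess>\w+)"
    r"|Message (?P<missing_id>\S+) not found in session (?P<lookup_sess>\w+))"
)

def connector(thread):
    """Strip the worker suffix: 'http-nio-8080-exec-2' -> 'http-nio-8080'."""
    return re.sub(r"-exec-\d+$", "", thread)

def find_session_mismatches(log_text):
    """Pair each 'not found in session' event with the session that stored the message."""
    stored = {}    # message ID -> (session ID, connector) that saved it
    findings = []
    for m in EVENT.finditer(log_text):
        if m["stored_id"]:
            stored[m["stored_id"]] = (m["stored_sess"], connector(m["thread"]))
            continue
        # The store event may be missing (e.g. rotated log): report None rather than drop it.
        sess, conn = stored.get(m["missing_id"], (None, None))
        findings.append({
            "message_id": m["missing_id"],
            "stored_session": sess,
            "stored_connector": conn,
            "lookup_session": m["lookup_sess"],
            "lookup_connector": connector(m["thread"]),
        })
    return findings

PREFIX = "[O: o.s.s.s.s.HttpSessionStorage] [I: ] [U: ???] [S: ] [P: ] "
# First two entries use the values quoted in the article; the last two are constructed.
SAMPLE_LOG = "\n".join([
    PREFIX + "[T: http-nio-8080-exec-2] Storing message a3g6af8d578c80181e90ib9j0062435 to session 8B11EBBC8018067E70F0939840DFBCED",
    PREFIX + "[T: https-openssl-nio-8443-exec-23] Message a3g6af8d578c80181e90ib9j0062435 not found in session 60D481146A1C733E6C6D8AD5FB58EC26",
    PREFIX + "[T: https-openssl-nio-8443-exec-4] Storing message constructed-ok-0001 to session AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
    PREFIX + "[T: https-openssl-nio-8443-exec-7] Message constructed-orphan-0002 not found in session BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
])

if __name__ == "__main__":
    for finding in find_session_mismatches(SAMPLE_LOG):
        print(finding)
```

For the entries quoted in this article, the report shows the message stored by a thread of the `http-nio-8080` connector and looked up by a thread of the `https-openssl-nio-8443` connector, under two different session IDs.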
For the latest version, see CS419861