Article - CS307493
Getting "[ Error decoding incoming SAML message ][ No SAML message present in request ]" while accessing ThingWorx Platform/ThingWorx Navigate when Single Sign-On (SSO) is enabled
Modified: 10-Apr-2025
Applies To
- Windchill Navigate (formerly ThingWorx Navigate) 1.5.0 to 9.3
- ThingWorx Platform 8.0 to 9.6
- PingFederate
Description
- Single Sign-On enabled on ThingWorx with PingFederate is not working correctly
- ThingWorx application fails to start with EnableSSO set to true
- Login attempts fail after SSO is set up with Microsoft Entra ID
- User is unable to log in to ThingWorx Composer after SSO setup
- "No SAML message present in request" error in ThingWorx Platform or ThingWorx Navigate with PingFederate when trying to log in as an SSO user
- Error in ThingWorx logs as follows:
  - <ThingworxStorage>\logs\SecurityLog.log:
    [ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ] [S: ] [T: https-jsse-nio-8443-exec-5] [ Error decoding incoming SAML message ][ No SAML message present in request ]
  - <ThingworxStorage>\logs\ErrorLog.log:
    [ ERROR] [O: E.c.t.s.f.ValidatingHttpRequest] [I: ] [U: ???] [S: ] [P: ] [T: https-jsse-nio-8443-exec-3] Error occurred while validating HTTP parameter: SAMLResponse. HTTP parameter name: SAMLResponse: Invalid input. The maximum length of xxxxxxx characters was exceeded.
- Error in PingFederate <PingFederate_Home>\logs\server.log:
  ERROR [org.sourceid.saml20.profiles.idp.HandleAuthnRequest] Unable to verify the signature. Please make sure that verification certificates are properly configured and not expired.
  ERROR [org.sourceid.saml20.profiles.idp.HandleAuthnRequest] Exception occurred during request processing
  org.sourceid.saml20.profiles.StatusResponseException: Unable to verify the signature
      at org.sourceid.saml20.profiles.ResumableRequestHandlerBase.verifySignature(ResumableRequestHandlerBase.java:111) ~[pf-protocolengine.jar:?]
      at org.sourceid.saml20.profiles.idp.HandleAuthnRequest.verifySignature(HandleAuthnRequest.java:204) ~[pf-protocolengine.jar:?]