Article - CS331131
Users fail to log in after configuring ThingWorx Navigate SSO with PingFederate as IdP
Modified: 25-Sep-2020
Applies To
- Windchill Navigate (formerly ThingWorx Navigate) 8.5.3
Description
- Users fail to log in after configuring ThingWorx Navigate SSO with PingFederate as IdP
- PingFederate audit.log reports following:
AUTHN_ATTEMPT| | <ipaddress> | | TWX_SP| SAML20| xxxxxxxx.xxxxxx.xxx| IdP| inprogress| IdpAdapter| | 15
- When following up CS271789 and Configuring DEBUG logging in PingFederate 8.2 and later to enable the debug loggers, PingFederate server.log report following error:
DEBUG [com.pingidentity.common.util.ldap.LDAPUtil] LDAP Pool Options [ldap://xxxxxxxx.xxxxxxx.xxx.com:389]: testOnBorrow=false; testOnReturn=false; createIfNecessary=true; max=100; min=10; maxWait=-1; timeBetweenEvictionRunsMillis=60000; readTimeout=3000; connTimeout=3000;
DEBUG [com.pingidentity.common.util.ldap.LDAPUtil] LDAP Pool Options [ldap://xxxxxxxx.xxxxxxx.xxx.com:389]: testOnBorrow=false; testOnReturn=false; createIfNecessary=true; max=100; min=10; maxWait=-1; timeBetweenEvictionRunsMillis=60000; readTimeout=3000; connTimeout=3000;
DEBUG [com.pingidentity.common.util.ldap.LDAPUtil] Created and cached (size is now 1) a new LDAPUtil for ConnectionInfo{id='LDAP-1A6BCAA9AA8DF22A451319083210C01057C7873C', serverUrl='ldap://xxxxxxxx.xxxxxxx.xxx.com:389', authenticationMethod='simple', principal='cn=Manager', binaryAttributes=null, testOnBorrow='false', testOnReturn='false', createIfNecessary='true', verifyHost='true', min='10', max='100', maxWait='-1', timeBetweenEvictionRunsMillis='60000', readTimeoutMillis='3000', connTimeoutMillis='3000'}
DEBUG [org.sourceid.saml20.domain.LDAPUsernamePasswordCredentialValidator] search [email protected]
DEBUG [org.sourceid.saml20.domain.LDAPPasswordCredentialValidatorResult] LDAP server response from 'xxxxxxxx.xxxxxxx.xxx.com:389': [LDAP: error code 49 - invalid credentials]. The response was interpreted as 'authn.srvr.msg.invalid.credentials'.
DEBUG [org.sourceid.servlet.HttpServletRespProxy] adding lazy cookie Cookie{pf-hfa-exp-pwd=; path=/; maxAge=0; domain=null} replacing null
DEBUG [org.sourceid.servlet.HttpServletRespProxy] flush cookies: adding Cookie{pf-hfa-exp-pwd=; path=/; maxAge=0; domain=null}
DEBUG [org.sourceid.websso.authn.AdapterAuthnProcessor] adapterResponse=IN_PROGRESS
DEBUG [org.sourceid.util.log.internal.TrackingIdSupport] [cross-reference-message] entityid:TWX_SP subject:[email protected]
DEBUG [org.sourceid.saml20.bindings.BindingServiceImpl] Not transporting protocol response message because the HTTP response has been committed (this is a normal condition usually due to an adapter or other component redirecting the user or writing its own content to the response).
DEBUG [com.pingidentity.common.util.ldap.LDAPUtil] LDAP Pool Options [ldap://xxxxxxxx.xxxxxxx.xxx.com:389]: testOnBorrow=false; testOnReturn=false; createIfNecessary=true; max=100; min=10; maxWait=-1; timeBetweenEvictionRunsMillis=60000; readTimeout=3000; connTimeout=3000;
DEBUG [com.pingidentity.common.util.ldap.LDAPUtil] Created and cached (size is now 1) a new LDAPUtil for ConnectionInfo{id='LDAP-1A6BCAA9AA8DF22A451319083210C01057C7873C', serverUrl='ldap://xxxxxxxx.xxxxxxx.xxx.com:389', authenticationMethod='simple', principal='cn=Manager', binaryAttributes=null, testOnBorrow='false', testOnReturn='false', createIfNecessary='true', verifyHost='true', min='10', max='100', maxWait='-1', timeBetweenEvictionRunsMillis='60000', readTimeoutMillis='3000', connTimeoutMillis='3000'}
DEBUG [org.sourceid.saml20.domain.LDAPUsernamePasswordCredentialValidator] search [email protected]
DEBUG [org.sourceid.saml20.domain.LDAPPasswordCredentialValidatorResult] LDAP server response from 'xxxxxxxx.xxxxxxx.xxx.com:389': [LDAP: error code 49 - invalid credentials]. The response was interpreted as 'authn.srvr.msg.invalid.credentials'.
DEBUG [org.sourceid.servlet.HttpServletRespProxy] adding lazy cookie Cookie{pf-hfa-exp-pwd=; path=/; maxAge=0; domain=null} replacing null
DEBUG [org.sourceid.servlet.HttpServletRespProxy] flush cookies: adding Cookie{pf-hfa-exp-pwd=; path=/; maxAge=0; domain=null}
DEBUG [org.sourceid.websso.authn.AdapterAuthnProcessor] adapterResponse=IN_PROGRESS
DEBUG [org.sourceid.util.log.internal.TrackingIdSupport] [cross-reference-message] entityid:TWX_SP subject:[email protected]
DEBUG [org.sourceid.saml20.bindings.BindingServiceImpl] Not transporting protocol response message because the HTTP response has been committed (this is a normal condition usually due to an adapter or other component redirecting the user or writing its own content to the response).
This is a printer-friendly version of Article 331131 and may be out of date. For the latest version click CS331131