cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - New to the community? Learn how to post a question and get help from PTC and industry experts! X

Azure AD and Thingworx SSO configuration

Go to solution
Velkumar
18-Opal
18-Opal
‎Mar 09, 2020 03:17 AM
‎Mar 09, 2020 03:17 AM

Azure AD and Thingworx SSO configuration

Hi,

 

I'm trying to integrate Azure AD for SSO, I have configured Thingworx platform-settings.json and sso-settings.json as in documentation. When I start Thingworx I get following error,

 

2020-03-02 09:25:55.868+0000 [L: DEBUG] [O: S.c.t.s.a.AuthenticationFilter] [I: ] [U: verja] [S: ] [P: ] [T: http-nio-80-exec-18] executing request for URI: /Thingworx/Logs/SecurityLog/Services/GetLogLevel
2020-03-02 09:27:44.935+0000 [L: INFO] [O: S.c.t.s.a.s.SSOBootstrapper] [I: ] [U: SuperUser] [S: ] [P: ] [T: localhost-startStop-1] ThingworxSSOBootstrapper context initializing...
2020-03-02 09:27:44.982+0000 [L: INFO] [O: S.c.t.s.a.s.SSOBootstrapper] [I: ] [U: SuperUser] [S: ] [P: ] [T: localhost-startStop-1] ThingworxSSOContextLoaderListener created ...
2020-03-02 09:27:44.982+0000 [L: INFO] [O: S.c.t.s.a.s.SSOBootstrapper] [I: ] [U: SuperUser] [S: ] [P: ] [T: localhost-startStop-1] ThingworxSSOContextLoaderListener context initializing...
2020-03-02 09:27:45.170+0000 [L: INFO] [O: S.c.t.s.a.s.SSOSettingsFile] [I: ] [U: SuperUser] [S: ] [P: ] [T: localhost-startStop-1] The config file - sso-settings.json location is: /ThingworxPlatform\ssoSecurityConfig
2020-03-02 09:27:45.201+0000 [L: INFO] [O: S.c.t.s.a.s.SSOSettingsFile] [I: ] [U: SuperUser] [S: ] [P: ] [T: localhost-startStop-1] The config file - sso-settings.json location is: /ThingworxPlatform\ssoSecurityConfig
2020-03-02 09:27:45.201+0000 [L: INFO] [O: S.c.t.s.a.s.SSOSettingsFile] [I: ] [U: SuperUser] [S: ] [P: ] [T: localhost-startStop-1] The config file - sso-settings.json location is: /ThingworxPlatform\ssoSecurityConfig
2020-03-02 09:27:45.357+0000 [L: INFO] [O: S.c.t.s.a.s.SSOResourceServer] [I: ] [U: SuperUser] [S: ] [P: ] [T: localhost-startStop-1] The resourceServerSettings.json file was loaded succesfully.
2020-03-02 09:27:45.373+0000 [L: INFO] [O: S.c.t.s.a.s.SSOResourceServer] [I: ] [U: SuperUser] [S: ] [P: ] [T: localhost-startStop-1] Thingworx configured with global scopes of THINGWORX
2020-03-02 09:27:46.639+0000 [L: INFO] [O: S.c.t.s.a.s.SSOContext] [I: ] [U: SuperUser] [S: ] [P: ] [T: localhost-startStop-1] SSOContext created...
2020-03-02 09:27:47.795+0000 [L: INFO] [O: o.s.s.c.SecurityNamespaceHandler] [I: ] [U: SuperUser] [S: ] [P: ] [T: localhost-startStop-1] Spring Security 'config' module version is 5.2.1.RELEASE
2020-03-02 09:27:51.951+0000 [L: ERROR] [O: S.c.t.s.a.s.SSOSettings] [I: ] [U: SuperUser] [S: ] [P: ] [T: localhost-startStop-1] [ Failed to get SSO Setting [table=SCIMAccessTokenServicesSettings, setting=authScimOAuthClientId] ][ JSONObject["SCIMAccessTokenServicesSettings"] not found. ]
2020-03-02 09:27:51.951+0000 [L: ERROR] [O: S.c.t.s.a.s.SSOSCIMClientAwareOAuth2AuthenticationManager] [I: ] [U: SuperUser] [S: ] [P: ] [T: localhost-startStop-1] Failed to get instance of SSOSettings class
2020-03-02 09:27:51.982+0000 [L: ERROR] [O: S.c.t.s.a.s.SSOSettings] [I: ] [U: SuperUser] [S: ] [P: ] [T: localhost-startStop-1] [ Failed to get SSO Setting [table=SCIMAccessTokenServicesSettings, setting=clientId] ][ JSONObject["SCIMAccessTokenServicesSettings"] not found. ]
2020-03-02 09:27:52.092+0000 [L: INFO] [O: o.s.s.w.DefaultSecurityFilterChain] [I: ] [U: SuperUser] [S: ] [P: ] [T: localhost-startStop-1] Creating filter chain: Ant [pattern='/rp/SCIMProvider/**'], [org.springframework.security.web.context.SecurityContextPersistenceFilter@4c091f6, org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter@2a05a8e8, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@379a1011, com.thingworx.security.authentication.sso.ThingworxSSOAuthenticatorFilter@6f559ce]
2020-03-02 09:27:52.248+0000 [L: INFO] [O: o.s.s.w.DefaultSecurityFilterChain] [I: ] [U: SuperUser] [S: ] [P: ] [T: localhost-startStop-1] Creating filter chain: Ant [pattern='/rp/**'], [org.springframework.security.web.context.SecurityContextPersistenceFilter@4c091f6, org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter@ff143e6, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@379a1011, com.thingworx.security.authentication.sso.ThingworxSSOAuthenticatorFilter@6f559ce]
2020-03-02 09:27:52.576+0000 [L: ERROR] [O: o.s.s.s.k.JKSKeyManager] [I: ] [U: SuperUser] [S: ] [P: ] [T: localhost-startStop-1] Error initializing key store
2020-03-02 09:27:52.701+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticationFilter] [I: ] [U: ???] [S: ] [P: ] [T: localhost-startStop-1] Could not load session timeout from database, using default: null
2020-03-02 09:27:52.811+0000 [L: INFO] [O: S.c.t.s.s.SCIMProvider] [I: ] [U: ???] [S: ] [P: ] [T: localhost-startStop-1] Initializing SCIMProvider servlet...
2020-03-02 09:27:52.811+0000 [L: ERROR] [O: S.c.t.s.s.SCIMProvider] [I: ] [U: ???] [S: ] [P: ] [T: localhost-startStop-1] SCIMProvider initialization failure.  Thingworx Server is not running
2020-03-02 09:27:54.248+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticationUtilities] [I: ] [U: ] [S: ] [P: ] [T: http-nio-80-exec-3] null
2020-03-02 09:27:54.248+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticationFilter] [I: ] [U: ] [S: ] [P: ] [T: http-nio-80-exec-3] Could not handle request
2020-03-02 09:27:54.279+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-3] errorMessage: [Unauthorized], statusCode: [401]
2020-03-02 09:28:07.295+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticationUtilities] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-3] null

 

 

Could any one help me to fix this issue ?

 

/VR

 

0 Kudos
Notify Moderator
ACCEPTED SOLUTION

Accepted Solutions
raluca_edu
17-Peridot
17-Peridot
(To:Velkumar)
‎Mar 09, 2020 07:04 AM
‎Mar 09, 2020 07:04 AM

Hi,

 

You are using also PingFederate?

The error is related to keystore, could you check if you have such file?

 

Thank you,

Raluca Edu

View solution in original post

0 Kudos
Notify Moderator
7 REPLIES 7
raluca_edu
17-Peridot
17-Peridot
(To:Velkumar)
‎Mar 09, 2020 07:04 AM
‎Mar 09, 2020 07:04 AM

Hi,

 

You are using also PingFederate?

The error is related to keystore, could you check if you have such file?

 

Thank you,

Raluca Edu

0 Kudos
Notify Moderator
Velkumar
18-Opal
18-Opal
(To:raluca_edu)
‎Mar 10, 2020 01:38 AM
‎Mar 10, 2020 01:38 AM

Hi @raluca_edu ,

 

Yes I have created and placed keystore file in mentioned location.

 

Regards,

Velkumar R

0 Kudos
Notify Moderator
raluca_edu
17-Peridot
17-Peridot
(To:Velkumar)
‎Mar 10, 2020 04:48 AM
‎Mar 10, 2020 04:48 AM

Hi,

 

Could you attach sso-settings.json (remove any credentials before) and pingfederate/logs?

 

Thanks,

Raluca Edu

0 Kudos
Notify Moderator
Velkumar
18-Opal
18-Opal
(To:raluca_edu)
‎Mar 10, 2020 06:32 AM
‎Mar 10, 2020 06:32 AM

Hi @raluca_edu 

 

Thanks for the response.

 

PFA the log files & json file.

 

Is there any specific method to create and verify keystore file. I created keystore using cmd from online.

 

/VR

PingFederateLog.zip
2 KB
0 Kudos
Notify Moderator
Velkumar
18-Opal
18-Opal
(To:Velkumar)
‎Mar 10, 2020 08:19 AM
‎Mar 10, 2020 08:19 AM

Hi @raluca_edu 

 

I have solved key issue it is due to tampered keystore file. 

 

Now I'm facing new error,

 

2020-03-10 12:08:26.895+0000 [L: ERROR] [O: S.c.t.s.a.s.ThingworxSSOAuthenticator] [I: ] [U: SuperUser] [S: ] [P: ] [T: http-nio-80-exec-8] [ Failed to utilize the SSO component for authentication ][ org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP ][ No IDP was configured, please update included metadata with at least one IDP ]
2020-03-10 12:08:26.895+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticationFilter] [I: ] [U: SuperUser] [S: ] [P: ] [T: http-nio-80-exec-8] Could not handle request
2020-03-10 12:08:26.910+0000 [L: ERROR] [O: S.c.t.s.a.s.ThingworxSSOAuthenticator] [I: ] [U: SuperUser] [S: ] [P: ] [T: http-nio-80-exec-6] [ Failed to utilize the SSO component for authentication ][ org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP ][ No IDP was configured, please update included metadata with at least one IDP ]
2020-03-10 12:08:26.910+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticationFilter] [I: ] [U: SuperUser] [S: ] [P: ] [T: http-nio-80-exec-6] Could not handle request
2020-03-10 12:08:26.910+0000 [L: ERROR] [O: S.c.t.s.a.s.ThingworxSSOAuthenticator] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-5] [ Failed to utilize the SSO component for authentication ][ org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP ][ No IDP was configured, please update included metadata with at least one IDP ]
2020-03-10 12:08:26.910+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticationFilter] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-5] Could not handle request
2020-03-10 12:08:26.910+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-5] errorMessage: [Unauthorized], statusCode: [401]
2020-03-10 12:08:26.910+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-8] errorMessage: [Unauthorized], statusCode: [401]
2020-03-10 12:08:26.910+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-5] [ org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP ][ No IDP was configured, please update included metadata with at least one IDP ]
2020-03-10 12:08:26.910+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-8] [ org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP ][ No IDP was configured, please update included metadata with at least one IDP ]
2020-03-10 12:08:26.910+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-6] errorMessage: [Unauthorized], statusCode: [401]
2020-03-10 12:08:26.910+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-6] [ org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP ][ No IDP was configured, please update included metadata with at least one IDP ]
2020-03-10 12:13:26.786+0000 [L: ERROR] [O: S.c.t.s.a.s.ThingworxSSOAuthenticator] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-6] [ Failed to utilize the SSO component for authentication ][ org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP ][ No IDP was configured, please update included metadata with at least one IDP ]
2020-03-10 12:13:26.786+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticationFilter] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-6] Could not handle request
2020-03-10 12:13:26.786+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-6] errorMessage: [Unauthorized], statusCode: [401]
2020-03-10 12:13:26.786+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-6] [ org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP ][ No IDP was configured, please update included metadata with at least one IDP ]
2020-03-10 12:13:26.786+0000 [L: ERROR] [O: S.c.t.s.a.s.ThingworxSSOAuthenticator] [I: ] [U: ] [S: ] [P: ] [T: http-nio-80-exec-7] [ Failed to utilize the SSO component for authentication ][ org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP ][ No IDP was configured, please update included metadata with at least one IDP ]
2020-03-10 12:13:26.786+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticationFilter] [I: ] [U: ] [S: ] [P: ] [T: http-nio-80-exec-7] Could not handle request
2020-03-10 12:13:26.786+0000 [L: ERROR] [O: S.c.t.s.a.s.ThingworxSSOAuthenticator] [I: ] [U: ] [S: ] [P: ] [T: http-nio-80-exec-9] [ Failed to utilize the SSO component for authentication ][ org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP ][ No IDP was configured, please update included metadata with at least one IDP ]
2020-03-10 12:13:26.786+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-7] errorMessage: [Unauthorized], statusCode: [401]
2020-03-10 12:13:26.786+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-7] [ org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP ][ No IDP was configured, please update included metadata with at least one IDP ]
2020-03-10 12:13:26.786+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticationFilter] [I: ] [U: ] [S: ] [P: ] [T: http-nio-80-exec-9] Could not handle request
2020-03-10 12:13:26.802+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-9] errorMessage: [Unauthorized], statusCode: [401]
2020-03-10 12:13:26.802+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-9] [ org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP ][ No IDP was configured, please update included metadata with at least one IDP ]
2020-03-10 12:15:54.801+0000 [L: ERROR] [O: S.c.t.s.a.s.ThingworxSSOAuthenticator] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-1] [ Failed to utilize the SSO component for authentication ][ org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP ][ No IDP was configured, please update included metadata with at least one IDP ]
2020-03-10 12:15:54.801+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticationFilter] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-1] Could not handle request
2020-03-10 12:15:54.801+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-1] errorMessage: [Unauthorized], statusCode: [401]
2020-03-10 12:15:54.801+0000 [L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: http-nio-80-exec-1] [ org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP ][ No IDP was configured, please update included metadata with at least one IDP ]

 

Could you please help me to solve this issue 

 

/VR

0 Kudos
Notify Moderator
raluca_edu
17-Peridot
17-Peridot
(To:Velkumar)
‎Mar 10, 2020 08:24 AM
‎Mar 10, 2020 08:24 AM

Hi,

 

Follow this article: https://www.ptc.com/en/support/article/CS275630

 

Please add a full path for idpMetadataFilePath in sso-config.json

 

Hope it helps,

Raluca Edu

0 Kudos
Notify Moderator
Velkumar
18-Opal
18-Opal
(To:raluca_edu)
‎Mar 10, 2020 09:57 AM
‎Mar 10, 2020 09:57 AM

Hi @raluca_edu 

 

I have exported XML and placed in folder as in article, still I'm facing issue.

 

Capture.PNG

 

/VR

0 Kudos
Notify Moderator
Announcements


Contact Community Management
Top Tags