Hello Community,
We are trying to enable SSO on Thingworx with AD FS. When we access Thingworx, it throws the error messages below:
[L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: https-openssl-nio-443-exec-19] [ The request was rejected because the URL contained a potentially malicious String "%25" ]
[L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: https-openssl-nio-443-exec-10] [ Error validating SAML message ][ NameID element must be present as part of the Subject in the Response message, please enable it in the IDP configuration ]
[L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: https-openssl-nio-443-exec-7] [ Error validating SAML message ][ NameID element must be present as part of the Subject in the Response message, please enable it in the IDP configuration ]
[L: ERROR] [O: S.c.t.s.a.s.ThingworxSSOAuthenticator] [I: ] [U: ???] [S: ] [P: ] [T: https-openssl-nio-443-exec-16] [ Failed to utilize the SSO component for authentication ][ The request was rejected because the URL contained a potentially malicious String "%25" ]
Could someone help me with this?
Thanks
VR
With support from PTC, we managed to fix the issue.
Error Message :
[ The request was rejected because the URL contained a potentially malicious String "%25" ]
In sso-settings.json, the file path was specified using backslashes "\\"; this was changed to forward slashes "//".
Example :
Instead of
"C:\\PTC\\idp-metadata.xml"
use
"C://PTC//idp-metadata.xml"
For error message :
[ Error validating SAML message ][ NameID element must be present as part of the Subject in the Response message, please enable it in the IDP configuration ]
Add NameID to the SAML response subject. This should be changed on the IdP side.
For AD FS, refer to the link below.
/VR
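To confirm that the NameID fix took effect on the IdP side, the following added example (not part of the original post or PTC's code) decodes a captured SAMLResponse form value from the HTTP-POST binding and reports whether the assertion's Subject carries a NameID. The sample responses and the function names are constructed for illustration, and the check is diagnostic only.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_name_id(saml_response_b64):
    """Return (ok, detail) for a base64 SAMLResponse taken from the HTTP-POST binding.

    Diagnostic only: run it on a response captured from your own IdP.
    It does not verify signatures or decrypt assertions.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    assertions = root.findall("saml:Assertion", NS)
    if not assertions:
        if root.find("saml:EncryptedAssertion", NS) is not None:
            return False, "assertion is encrypted; decrypt it before checking"
        return False, "Response has no Assertion"
    formats = []
    for assertion in assertions:
        subject = assertion.find("saml:Subject", NS)
        if subject is None:
            return False, "Assertion has no Subject"
        name_id = subject.find("saml:NameID", NS)
        if name_id is None:
            return False, "Subject has no NameID"
        if not (name_id.text or "").strip():
            return False, "NameID is empty"
        formats.append(name_id.get("Format"))
    return True, f"NameID present, Format={formats}"

def sample_response(with_name_id):
    """Constructed, trimmed SAML Response (no signature, IDs or conditions)."""
    name_id = ('<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">'
               'jdoe</saml:NameID>') if with_name_id else ""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
           '<saml:Assertion><saml:Subject>' + name_id +
           '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>'
           '</saml:Subject></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    for flag in (False, True):
        print(check_name_id(sample_response(flag)))
```

A response that fails with "Subject has no NameID" corresponds to the second error message above and means the IdP is still not issuing the element.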
Hi @Velkumar, remove the special characters "%", ";", "\", "/" from the file name.
Check the documentation: Windchill Help Center > Windchill Fundamentals > Working with Windchill Objects > Object Overview > Special characters
I went through this article - CS327941 - Error "The request was rejected because the URL contained a potentially malicious String "%25"" reported in MethodServer.log when downloading a file from Navigate with SSO enabled (ptc.com)
I think it is not applicable to my use case. Here I'm trying to integrate ADFS and Thingworx. During authentication I'm facing this error message.
/VR
Hello Velkumar,
I have a requirement to enable SSO on Thingworx with AD FS. Do you have any resources to implement this feature?