Community Tip - Need to share some code when posting a question or reply? Make sure to use the "Insert code sample" menu option. Learn more! X
I follow the document to implement Thingworx SSO https://support.ptc.com/help/identity_and_access_management/en/index.html#page/iam/ExampleAdfsIdentityProviderWindchillResourceProvider.html
But when I try to loging to Thingworx .
The ADFS server show event id 197 & 364 error.
Does anyone know how to solve it?
Thanks.
++++++++++++++++++++++++++++++++++++++++++
The Federation Service could not satisfy a token request because the accompanying credentials do not meet the authentication type requirement of 'urn:oasis:names:tc:SAML:2.0:ac:classes:password' for the relying party 'microsoft:identityserver:twx90'.
Authentication type:
Desired authentication type(s): urn:oasis:names:tc:SAML:2.0:ac:classes:password
****************************************************************
Hello @tzhang11 ,
I would go over again the setup to check if there is some setting missing or misconfigured.
Have you updated and configure Tomcat to allow ThingWorx to operate in cross-domain environments.
There is an article with more details about it https://www.ptc.com/en/support/article/CS318637
Does the SSO Application Endpoint URL redirect to the IdP ?
Do you have enabled SSO from platform-settings.json ?
In the Mapping of LDAP attributes to outgoing claim types table, have you selected the values from the lists to map the ADFS attributes to the Active Directory attributes ?
If you do not map these attributes correctly, single sign-on will not work
https://support.ptc.com/help/identity_and_access_management/en/index.html#page/iam/ExampleAdfsIdentityProviderWindchillResourceProvider.html
Hope it helps,
Hi Ciprian-Traian
I follow your recommendation and re-check all configurations again.
I still got the same message. Does it possible the problem due to the ADFS server config?
Do you have any idea I can try? Or do you need other information to help identify the problem?
& Thanks for your reply.
TZ.