cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Your Friends List is a way to easily have access to the community members that you interact with the most! X

Thingworx 90 SSO with Windows ADFS error

tzhang11
5-Regular Member
5-Regular Member
‎Jan 11, 2021 04:17 AM
‎Jan 11, 2021 04:17 AM

Thingworx 90 SSO with Windows ADFS error

I follow the document to implement Thingworx SSO https://support.ptc.com/help/identity_and_access_management/en/index.html#page/iam/ExampleAdfsIdentityProviderWindchillResourceProvider.html
But when I try to loging to Thingworx . 

The ADFS server show event id 197 & 364 error.  

Does anyone know how to solve it?   

 

Thanks.
++++++++++++++++++++++++++++++++++++++++++
The Federation Service could not satisfy a token request because the accompanying credentials do not meet the authentication type requirement of 'urn:oasis:names:tc:SAML:2.0:ac:classes:password' for the relying party 'microsoft:identityserver:twx90'.
Authentication type:
Desired authentication type(s): urn:oasis:names:tc:SAML:2.0:ac:classes:password

****************************************************************error.PNGtwxError.PNG

Labels:
0 Kudos
Notify Moderator
2 REPLIES 2
Ciprian-Traian
16-Pearl
16-Pearl
(To:tzhang11)
‎Jan 11, 2021 08:11 AM
‎Jan 11, 2021 08:11 AM

Hello @tzhang11 ,

 

I would go over again the setup to check if there is some setting missing or misconfigured.

 

Have you updated and configure Tomcat to allow ThingWorx to operate in cross-domain environments.

There is an article with more details about it https://www.ptc.com/en/support/article/CS318637

Does the SSO Application Endpoint URL redirect to the IdP ?

Do you have enabled SSO from platform-settings.json ?

In the Mapping of LDAP attributes to outgoing claim types table, have you selected the values from the lists to map the ADFS attributes to the Active Directory attributes ?
    If you do not map these attributes correctly, single sign-on will not work
    https://support.ptc.com/help/identity_and_access_management/en/index.html#page/iam/ExampleAdfsIdentityProviderWindchillResourceProvider.html

 

Hope it helps,

 

0 Kudos
Notify Moderator
tzhang11
5-Regular Member
5-Regular Member
(To:Ciprian-Traian)
‎Jan 13, 2021 10:35 AM
‎Jan 13, 2021 10:35 AM

Hi Ciprian-Traian

I follow your recommendation and re-check all configurations again.

I still got the same message. Does it possible the problem due to the ADFS server config?

Do you have any idea I can try?  Or do you need other information to help identify the problem?

 

& Thanks for your reply.

TZ.

0 Kudos
Notify Moderator
Top Tags