Community Tip - Did you get an answer that solved your problem? Please mark it as an Accepted Solution so others with the same problem can find the answer easily. X
I am using Thingworx 8.0 with H2 db and navigate framework 1.5.
I am trying out this configuration for Thingworx SSO.
Here are some more details about it,
- I am using PingFederate as an IDP
- if i am disabling SSO in platform-settings.json file then Thingworx login works fine but if we enable it in platform-settings.json file then its giving some issue and i am not even able to see PingFed login page.
I am not able to open url http://localhost:8090/Thingworx/.
- here 8090 is the port configured for Apache Tomcat.
It is giving some error, you can see attached log file for more information.
Any help would be really appreciated here.
Thanks,
Imran
Solved! Go to Solution.
Jugding by the error, it is what it is - the failed signature is causing Idp not to work. It's trying to verify trust of the signature using keys found in the configured keystore. You may try to import the public certificate of the metadata signature (or of its CA + intermediate CA's) to the keystore. It should pass then unless it's expired.
Hi Imran, have you checked the Application Log and the Tomcat's catalina log for detail. The zip attached to your question doesn't seem to contain any error against the authentication issue.
Hi Sushant,
I have attached ApplicationLog and Catalina log with this reply.
I am getting some 'Signature trust establishment failed for metadata entry' error in ApplicationLog.
Please let me know if you need any more details.
Thanks,
Imran
Jugding by the error, it is what it is - the failed signature is causing Idp not to work. It's trying to verify trust of the signature using keys found in the configured keystore. You may try to import the public certificate of the metadata signature (or of its CA + intermediate CA's) to the keystore. It should pass then unless it's expired.
Thanks Polina for your reply.
I verified the signature at both the sides Thingworx and PingFederate and it is not redirecting my Thingworx login page to PingFederate login page.
If I am keeping my Thingworx clean with Thingworx 8.0 war file then my Thingworx login page is correctly getting redirected to PingFederate login page; but I am importing some of the windchill navigate apps then its not opening up any login page and just showing busy icon without proceeding further.
This issue is resolved now. I had configured my machine name instead of localhost in SSO configuration at PingFed side. I tried using same machine name instead of localhost in Thingworx url and it is working fine now.
Thank you all for your replies.