Solved: Re: SSO - ESignature - "The user name entered does...

avillanueva · ‎Oct 21, 2024

I love deploying new things, ha. We tested and re-tested this but are seeing an issue live in production regarding SSO and esignature (reauthsecure configuration). I've been banging on it all morning just fine. Some users are working but others are not getting popup window to IDP when they click task complete. It comes immediately back and says "The user name entered does not match the user assigned to this task". I did not see a popup block message in the browser and I see the error in the MS. I am able to get it to work with a esig test workflow just fine and never saw this in pre-testing. Odd that its spotty which says config is right. Any ideas where to check?

avillanueva · ‎Oct 21, 2024

Resolving as this is likely related to some custom JSP I had done around the complete button. While existing (copied) code worked between different versions, OOTB code was updated to include SSO changes. Was not picked up in testing.

View solution in original post

avillanueva · ‎Oct 21, 2024

more Debug data:

2024-10-21 08:36:36,093 DEBUG [ajp-nio-127.0.0.1-8011-exec-8] wt.workflow.engine.SSOConfiguredSignatureEngine henry- Entering validateSig method
2024-10-21 08:36:36,093 DEBUG [ajp-nio-127.0.0.1-8011-exec-8] wt.workflow.engine.SSOConfiguredSignatureEngine henry - SSOConfiguredSignatureEngine authenticated user of current session-> User
	name = henry
	inflated = true
	repository = com.utcaus.Ldap
	dn = uid=henry,ou=people,cn=administrativeldap,cn=windchill_11.1,o=ptc
	fullName = Henry Somebody
	last = Silva
	authenticationName = henry
	eMail = <henry's email>
	internal = false
	disabled = false
	repairNeeded = false
	attributes = {uid=[henry], email=[<henry's email>], preferredlanguage=[en-US], mail=[<henry's email>], organizationname=[MYORG], telephonenumber=[XXX-XXX-XXXX], cn=[Henry Somebody], postaladdress=[our address], authenticationname=[henry], o=[MyOrg], locale=[en-US], objectclass=[top, inetOrgPerson, organizationalPerson, person], fullname=[Henry Somebody], sn=[Somebody]}
	additional attributes = null

2024-10-21 08:36:36,093 DEBUG [ajp-nio-127.0.0.1-8011-exec-8] wt.workflow.engine.SSOConfiguredSignatureEngine henry - SSOConfiguredSignatureEngine authenticated user from SSO-> null
2024-10-21 08:36:36,093 INFO  [ajp-nio-127.0.0.1-8011-exec-8] wt.workflow.engine.SSOConfiguredSignatureEngine henry- Entering isUserMatching method
2024-10-21 08:36:36,094 INFO  [ajp-nio-127.0.0.1-8011-exec-8] wt.workflow.engine.SSOConfiguredSignatureEngine henry- SSO User matching: false
2024-10-21 08:36:36,094 ERROR [ajp-nio-127.0.0.1-8011-exec-8] wt.workflow.engine.SSOConfiguredSignatureEngine henry- Error in validating Signature (wt.org.electronicIdentity.engines.EnginesRB/6) wt.org.electronicIdentity.SignatureInvalidException: The user name entered does not match the user assigned to this task. Only the user assigned to this task can complete it.

Everything looks right. This worked before when we had LDAP to validate esignature. Test of esignature works but this one came right back saying null? That is odd. I might be isolated to a specific workflow task but very strange that this would be dependent on some tasks liking it an other not. This particular task does use JSP task template if that matters.

avillanueva · ‎Oct 21, 2024

Traced issue to IDP_AUTHENTICATED_USER, "newIDPAuthorizedUser", being null. This might be related to a customization that did not pick up something that changed along the way but not sure. I will document but testing reversion now.

avillanueva · ‎Oct 21, 2024

Resolving as this is likely related to some custom JSP I had done around the complete button. While existing (copied) code worked between different versions, OOTB code was updated to include SSO changes. Was not picked up in testing.

SSO - ESignature - "The user name entered does not match the user assigned to this task"

SSO - ESignature - "The user name entered does not match the user assigned to this task"