Community Tip - Need to share some code when posting a question or reply? Make sure to use the "Insert code sample" menu option. Learn more! X
I love deploying new things, ha. We tested and re-tested this but are seeing an issue live in production regarding SSO and esignature (reauthsecure configuration). I've been banging on it all morning just fine. Some users are working but others are not getting popup window to IDP when they click task complete. It comes immediately back and says "The user name entered does not match the user assigned to this task". I did not see a popup block message in the browser and I see the error in the MS. I am able to get it to work with a esig test workflow just fine and never saw this in pre-testing. Odd that its spotty which says config is right. Any ideas where to check?
Solved! Go to Solution.
Resolving as this is likely related to some custom JSP I had done around the complete button. While existing (copied) code worked between different versions, OOTB code was updated to include SSO changes. Was not picked up in testing.
more Debug data:
2024-10-21 08:36:36,093 DEBUG [ajp-nio-127.0.0.1-8011-exec-8] wt.workflow.engine.SSOConfiguredSignatureEngine henry- Entering validateSig method 2024-10-21 08:36:36,093 DEBUG [ajp-nio-127.0.0.1-8011-exec-8] wt.workflow.engine.SSOConfiguredSignatureEngine henry - SSOConfiguredSignatureEngine authenticated user of current session-> User name = henry inflated = true repository = com.utcaus.Ldap dn = uid=henry,ou=people,cn=administrativeldap,cn=windchill_11.1,o=ptc fullName = Henry Somebody last = Silva authenticationName = henry eMail = <henry's email> internal = false disabled = false repairNeeded = false attributes = {uid=[henry], email=[<henry's email>], preferredlanguage=[en-US], mail=[<henry's email>], organizationname=[MYORG], telephonenumber=[XXX-XXX-XXXX], cn=[Henry Somebody], postaladdress=[our address], authenticationname=[henry], o=[MyOrg], locale=[en-US], objectclass=[top, inetOrgPerson, organizationalPerson, person], fullname=[Henry Somebody], sn=[Somebody]} additional attributes = null 2024-10-21 08:36:36,093 DEBUG [ajp-nio-127.0.0.1-8011-exec-8] wt.workflow.engine.SSOConfiguredSignatureEngine henry - SSOConfiguredSignatureEngine authenticated user from SSO-> null 2024-10-21 08:36:36,093 INFO [ajp-nio-127.0.0.1-8011-exec-8] wt.workflow.engine.SSOConfiguredSignatureEngine henry- Entering isUserMatching method 2024-10-21 08:36:36,094 INFO [ajp-nio-127.0.0.1-8011-exec-8] wt.workflow.engine.SSOConfiguredSignatureEngine henry- SSO User matching: false 2024-10-21 08:36:36,094 ERROR [ajp-nio-127.0.0.1-8011-exec-8] wt.workflow.engine.SSOConfiguredSignatureEngine henry- Error in validating Signature (wt.org.electronicIdentity.engines.EnginesRB/6) wt.org.electronicIdentity.SignatureInvalidException: The user name entered does not match the user assigned to this task. Only the user assigned to this task can complete it.
Everything looks right. This worked before when we had LDAP to validate esignature. Test of esignature works but this one came right back saying null? That is odd. I might be isolated to a specific workflow task but very strange that this would be dependent on some tasks liking it an other not. This particular task does use JSP task template if that matters.
Traced issue to IDP_AUTHENTICATED_USER, "newIDPAuthorizedUser", being null. This might be related to a customization that did not pick up something that changed along the way but not sure. I will document but testing reversion now.
Resolving as this is likely related to some custom JSP I had done around the complete button. While existing (copied) code worked between different versions, OOTB code was updated to include SSO changes. Was not picked up in testing.