Skip to main content
V
19-Tanzanite
Velkumar19-Tanzanite
19-Tanzanite
May 30, 2024
Solved

SSO : The request was rejected because the URL contained a potentially malicious String "%25"

  • May 30, 2024
  • 2 replies
  • 3334 views

Hello Community,

 

We are trying to enable SSO on Thingworx with AD FS. When we access Thingworx it throw below error message 

 

[L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: https-openssl-nio-443-exec-19] [ The request was rejected because the URL contained a potentially malicious String "%25" ]
[L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: https-openssl-nio-443-exec-10] [ Error validating SAML message ][ NameID element must be present as part of the Subject in the Response message, please enable it in the IDP configuration ]
[L: ERROR] [O: S.c.t.s.a.AuthenticatorExceptionHandler] [I: ] [U: ???] [S: ] [P: ] [T: https-openssl-nio-443-exec-7] [ Error validating SAML message ][ NameID element must be present as part of the Subject in the Response message, please enable it in the IDP configuration ]
[L: ERROR] [O: S.c.t.s.a.s.ThingworxSSOAuthenticator] [I: ] [U: ???] [S: ] [P: ] [T: https-openssl-nio-443-exec-16] [ Failed to utilize the SSO component for authentication ][ The request was rejected because the URL contained a potentially malicious String "%25" ]

 

Could someone help me on this

 

Thanks

VR

Best answer by Velkumar

With support of PTC, we managed to fix the issue.

 

Error Message :

[ The request was rejected because the URL contained a potentially malicious String "%25" ]

In sso-settings.json, file path was mentioned using backslash "\\" changed to frontslash "//"

 

Example :

Instead of  

"C:\\PTC\\idp-metadata.xml"

use

"C://PTC//idp-metadata.xml"

 

For error message :

[ Error validating SAML message ][ NameID element must be present as part of the Subject in the Response message, please enable it in the IDP configuration ]

 

Add NameID in SAML response subject. This should be changed in IDP side

 

For AD FS refer below link 

 

Authentication Failed: Error validating SAML message : NameID element must be present as part of the Subject in the Response message, please enable it in the IDP configuration - Progress Community

 

/VR

2 replies

S
Surya_Tiwari16-Pearl
16-Pearl
May 30, 2024

Hi @Velkumar  Remove special characters "%", ";", "\", "/" from file name

Check documentation  Windchill Help Center > Windchill Fundamentals > Working with Windchill Objects > Object Overview > Special characters 

V
19-Tanzanite
Velkumar19-TanzaniteAuthor
19-Tanzanite
May 30, 2024

Hi @Surya_Tiwari 

 

I went through this article - CS327941 - Error "The request was rejected because the URL contained a potentially malicious String "%25"" reported in MethodServer.log when donwloading a file from Navigate with SSO enabled (ptc.com)

 

I think it is not applicable for my use case. Here I'm trying to integrate ADFS and Thingworx. While authentication I'm facing this error message

 

/VR

V
19-Tanzanite
Velkumar19-TanzaniteAuthorAnswer
19-Tanzanite
June 3, 2024

With support of PTC, we managed to fix the issue.

 

Error Message :

[ The request was rejected because the URL contained a potentially malicious String "%25" ]

In sso-settings.json, file path was mentioned using backslash "\\" changed to frontslash "//"

 

Example :

Instead of  

"C:\\PTC\\idp-metadata.xml"

use

"C://PTC//idp-metadata.xml"

 

For error message :

[ Error validating SAML message ][ NameID element must be present as part of the Subject in the Response message, please enable it in the IDP configuration ]

 

Add NameID in SAML response subject. This should be changed in IDP side

 

For AD FS refer below link 

 

Authentication Failed: Error validating SAML message : NameID element must be present as part of the Subject in the Response message, please enable it in the IDP configuration - Progress Community

 

/VR

P
Prasad_N5-Regular Member
5-Regular Member
July 2, 2024

Hello Velkumar,

 

   I have a requirement  to enable SSO on Thingworx with AD FS. Do you have any resources to implement this feature.

V
19-Tanzanite
Velkumar19-TanzaniteAuthor
19-Tanzanite
July 4, 2024

Hi @Prasad_N 

 

Configuring Authentication with AD FS (ptc.com)

 

/VR

Terms & ConditionsCookie settingsAccessibility statement