Security > Single Sign-on Authentication > Configure ThingWorx for Single Sign-On > Configure the validation.properties File
  
Configure the validation.properties File
SAML responses use characters that might not be enabled in your REGEX. To ensure that characters are enabled in your REGEX, complete the following steps:
1. Edit the validation.properties file in the ThingworxStorage\esapi\ directory.
2. In the validation rules section of the file, add a Validator.HTTPParameterValue entry for requests with a SAMLResponse parameter. If you are using PingFederate as the CAS, this entry should be entered as follows:
Validator.HTTPParameterValue_SAMLResponse=^[a-zA-Z0-9+\/=]*$
If you are implementing any other CAS, refer to your selected CAS product documentation or to SAML standards for characters that are required in SAML responses for your environment.
* 
It is highly recommended that you verify that the REGEX specified in this file does not allow characters that could introduce security concerns in your environment.