Community Tip - Learn all about PTC Community Badges. Engage with PTC and see how many you can earn! X
To setup the Single-Sign On with Windchill, we can just follow steps in Windchill extension guide. However, there is a huge problem to use "Websocket" for EMS or Edge SDKs from devices since Apache for Windchill blocks to pass "ws" or "wss" protocol. It's like a problem of a proxy server. There might be a couple of ways to avoid this issue, but I suggest to change filter-mappings for the SSO filter. When you look at the Windchill extension guide, it says that users set filters for all incoming URLs of ThingWorx by using "/*" filter mappings. Please use below settings for "web.xml" of ThingWorx server to avoid the problem that I stated above. It looks quite long and complicated, but basically the filter mappings from settings for "AuthenticationFilter" which are already defined by default except "Websocket" related urls.
<!-- Windchill Extension SSO Start-->
<filter>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<filter-class>com.ptc.connected.plm.thingworx.wc.idp.client.filter.IdentityProviderAuthenticationFilter</filter-class>
<init-param>
<param-name>idpLoginUrl</param-name>
<param-value>http(s)://<SERVERHOSTURL>/Windchill/wtcore/jsp/genIdKey.jsp</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/extensions/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/action-authenticate/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/action-login/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/action-confirm-creds/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/action-change-password/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/ThingworxMain.html</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/ThingworxMain.html/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/Server/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/ApplicationKeys/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/Networks/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/Dashboards/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/DirectoryServices/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/Authenticators/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/PersistenceProviderPackages/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/tunnel/wsadapter.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/tunnel/adapter.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/Logs/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/Resources/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/Subsystems/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/Users/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/Home/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/StateDefinitions/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/StyleDefinitions/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/ScriptFunctionLibraries/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/AtomFeedService/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/DataShapes/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/Importer/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/ImageEncoder/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/Exporter/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/ExportDatabase/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/ExportTheme/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/ExportDefaultEntities/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/ImportDatabase/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/DataExporter/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/DataImporter/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/Widgets/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/Groups/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/ThingPackages/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/Things/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/ThingTemplates/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/ThingShapes/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/DataTags/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/ModelTags/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/Composer/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/Squeal/index.html</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/Runtime/index.html</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/Mashups/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/Menus/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/MediaEntities/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/loaders/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/demos/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/ExtensionPackageUploader/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/ExtensionPackages/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/FileRepositoryUploader/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/FileRepositoryDownloader/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/FileRepositories/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/xmpp/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/LocalizationTables/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/Organizations/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/RemoteTunnel/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderAuthenticationFilter</filter-name>
<url-pattern>/PersistenceProviders/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<filter-class>com.ptc.connected.plm.thingworx.wc.idp.client.filter.IdentityProviderKeyValidationFilter</filter-class>
<init-param>
<param-name>keyValidationUrl</param-name>
<param-value>http(s)://<SERVERHOSTURL>/Windchill/login/validateIdKey.jsp</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/extensions/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/action-authenticate/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/action-login/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/action-confirm-creds/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/action-change-password/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/ThingworxMain.html</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/ThingworxMain.html/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/Server/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/ApplicationKeys/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/Networks/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/Dashboards/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/DirectoryServices/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/Authenticators/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/PersistenceProviderPackages/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/tunnel/wsadapter.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/tunnel/adapter.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/Logs/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/Resources/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/Subsystems/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/Users/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/Home/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/StateDefinitions/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/StyleDefinitions/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/ScriptFunctionLibraries/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/AtomFeedService/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/DataShapes/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/Importer/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/ImageEncoder/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/Exporter/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/ExportDatabase/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/ExportTheme/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/ExportDefaultEntities/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/ImportDatabase/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/DataExporter/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/DataImporter/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/Widgets/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/Groups/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/ThingPackages/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/Things/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/ThingTemplates/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/ThingShapes/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/DataTags/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/ModelTags/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/Composer/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/Squeal/index.html</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/Runtime/index.html</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/Mashups/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/Menus/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/MediaEntities/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/loaders/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/demos/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/ExtensionPackageUploader/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/ExtensionPackages/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/FileRepositoryUploader/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/FileRepositoryDownloader/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/FileRepositories/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/xmpp/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/LocalizationTables/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/Organizations/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/RemoteTunnel/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityProviderKeyValidationFilter</filter-name>
<url-pattern>/PersistenceProviders/*</url-pattern>
</filter-mapping>
<!-- Windchill Extension SSO End-->
This is fantastic! Thank you, Daniel!
After this modification is in place, simulators that communicate to TWX via websockets will work again when Windchill is configured as the Identity Provider (i.e. the Steam Sensor example from the SDK and Moritz's Excel Based Simulator).
Regards,
Steve
Daniel,
Have you updated this file for ThingWorx 7.1 yet?
Thanks,
Steve