
Setting SSO with Windchill


To set up single sign-on (SSO) with Windchill, you can follow the steps in the Windchill extension guide. However, there is a serious problem when EMS or the Edge SDKs on devices connect over WebSocket: the Apache server for Windchill does not pass the "ws" or "wss" protocol, much like a proxy server that blocks it. There may be a couple of ways around this, but I suggest changing the filter mappings for the SSO filter. The Windchill extension guide tells users to apply the filters to all incoming ThingWorx URLs by using the "/*" filter mapping. Instead, use the settings below in the "web.xml" of the ThingWorx server to avoid the problem described above. The listing looks long and complicated, but it is basically the set of filter mappings already defined by default for "AuthenticationFilter", leaving out the WebSocket-related URLs.

<!-- Windchill Extension SSO Start-->

  <filter>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <filter-class>com.ptc.connected.plm.thingworx.wc.idp.client.filter.IdentityProviderAuthenticationFilter</filter-class>

    <init-param>

      <param-name>idpLoginUrl</param-name>

      <param-value>http(s)://<SERVERHOSTURL>/Windchill/wtcore/jsp/genIdKey.jsp</param-value>

    </init-param>

  </filter>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/extensions/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/action-authenticate/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/action-login/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/action-confirm-creds/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/action-change-password/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/ThingworxMain.html</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/ThingworxMain.html/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/Server/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/ApplicationKeys/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/Networks/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/Dashboards/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/DirectoryServices/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/Authenticators/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/PersistenceProviderPackages/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/tunnel/wsadapter.jsp</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/tunnel/adapter.jsp</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/Logs/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/Resources/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/Subsystems/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/Users/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/Home/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/StateDefinitions/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/StyleDefinitions/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/ScriptFunctionLibraries/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/AtomFeedService/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/DataShapes/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/Importer/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/ImageEncoder/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/Exporter/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/ExportDatabase/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/ExportTheme/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/ExportDefaultEntities/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/ImportDatabase/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/DataExporter/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/DataImporter/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/Widgets/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/Groups/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/ThingPackages/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/Things/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/ThingTemplates/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/ThingShapes/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/DataTags/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/ModelTags/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/Composer/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/Squeal/index.html</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/Runtime/index.html</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/Mashups/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/Menus/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/MediaEntities/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/loaders/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/demos/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/ExtensionPackageUploader/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/ExtensionPackages/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/FileRepositoryUploader/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/FileRepositoryDownloader/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/FileRepositories/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/xmpp/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/LocalizationTables/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/Organizations/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/RemoteTunnel/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderAuthenticationFilter</filter-name>

    <url-pattern>/PersistenceProviders/*</url-pattern>

  </filter-mapping>

  <filter>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <filter-class>com.ptc.connected.plm.thingworx.wc.idp.client.filter.IdentityProviderKeyValidationFilter</filter-class>

    <init-param>

      <param-name>keyValidationUrl</param-name>

      <param-value>http(s)://<SERVERHOSTURL>/Windchill/login/validateIdKey.jsp</param-value>

    </init-param>

  </filter>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/extensions/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/action-authenticate/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/action-login/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/action-confirm-creds/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/action-change-password/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/ThingworxMain.html</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/ThingworxMain.html/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/Server/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/ApplicationKeys/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/Networks/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/Dashboards/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/DirectoryServices/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/Authenticators/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/PersistenceProviderPackages/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/tunnel/wsadapter.jsp</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/tunnel/adapter.jsp</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/Logs/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/Resources/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/Subsystems/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/Users/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/Home/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/StateDefinitions/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/StyleDefinitions/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/ScriptFunctionLibraries/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/AtomFeedService/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/DataShapes/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/Importer/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/ImageEncoder/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/Exporter/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/ExportDatabase/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/ExportTheme/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/ExportDefaultEntities/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/ImportDatabase/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/DataExporter/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/DataImporter/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/Widgets/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/Groups/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/ThingPackages/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/Things/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/ThingTemplates/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/ThingShapes/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/DataTags/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/ModelTags/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/Composer/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/Squeal/index.html</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/Runtime/index.html</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/Mashups/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/Menus/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/MediaEntities/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/loaders/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/demos/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/ExtensionPackageUploader/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/ExtensionPackages/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/FileRepositoryUploader/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/FileRepositoryDownloader/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/FileRepositories/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/xmpp/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/LocalizationTables/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/Organizations/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/RemoteTunnel/*</url-pattern>

  </filter-mapping>

  <filter-mapping>

    <filter-name>IdentityProviderKeyValidationFilter</filter-name>

    <url-pattern>/PersistenceProviders/*</url-pattern>

  </filter-mapping>

<!-- Windchill Extension SSO End-->
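
An added check, not part of the original post or of PTC's documentation: the Python sketch below parses a web.xml, confirms that no "/*" catch-all remains for the two SSO filters, reports url-patterns mapped to only one of them, and shows which of the filters run for a given context-relative path. The sample XML is constructed and shortened, and the "/WS" probe path is an assumed WebSocket endpoint.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

SSO_FILTERS = ("IdentityProviderAuthenticationFilter",
               "IdentityProviderKeyValidationFilter")

# Constructed, shortened web.xml fragment (not the full listing from the page).
# The /Users/* mapping is deliberately missing for the second filter.
SAMPLE_WEB_XML = """<web-app>
  <filter-mapping><filter-name>IdentityProviderAuthenticationFilter</filter-name>
    <url-pattern>/Things/*</url-pattern></filter-mapping>
  <filter-mapping><filter-name>IdentityProviderAuthenticationFilter</filter-name>
    <url-pattern>/Users/*</url-pattern></filter-mapping>
  <filter-mapping><filter-name>IdentityProviderKeyValidationFilter</filter-name>
    <url-pattern>/Things/*</url-pattern></filter-mapping>
</web-app>"""


def load_mappings(xml_text):
    """Return {filter-name: set(url-pattern)}, ignoring XML namespaces."""
    mappings = defaultdict(set)
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "filter-mapping":
            continue
        fields = defaultdict(list)
        for child in el:
            fields[child.tag.rsplit("}", 1)[-1]].append((child.text or "").strip())
        for name in fields["filter-name"]:
            mappings[name].update(fields["url-pattern"])
    return mappings


def pattern_matches(pattern, path):
    """Servlet url-pattern rules: '/x/*' prefix, '*.ext' extension, else exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern


def audit(xml_text, probe_paths, filters=SSO_FILTERS):
    """Check the SSO filter mappings; paths are relative to the context root."""
    mappings = load_mappings(xml_text)
    sets = [mappings.get(f, set()) for f in filters]
    return {
        # A remaining catch-all would put the WebSocket URLs back under SSO.
        "catch_all": sorted(f for f, s in zip(filters, sets) if "/*" in s),
        # Patterns mapped to only some of the filters (the two lists drifted).
        "drift": sorted(set.union(*sets) - set.intersection(*sets)),
        # Which SSO filters run for each probed path.
        "coverage": {p: [f for f, s in zip(filters, sets)
                         if any(pattern_matches(u, p) for u in s)]
                     for p in probe_paths},
    }


if __name__ == "__main__":
    # "/WS" is an assumed WebSocket endpoint path, used only as a probe.
    print(audit(SAMPLE_WEB_XML, ["/Things/Pump1/Properties", "/Users/alice", "/WS"]))
```

A path that reports no SSO filter is not protected by Windchill SSO, so confirm that another authentication mechanism covers it.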

Comments

This is fantastic!  Thank you, Daniel!

After this modification is in place, simulators that communicate to TWX via websockets will work again when Windchill is configured as the Identity Provider (i.e. the Steam Sensor example from the SDK and Moritz's Excel Based Simulator).

Regards,

Steve

Daniel,

Have you updated this file for ThingWorx 7.1 yet?

Thanks,

Steve

Last update: Mar 31, 2016 09:09 AM