cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - You can change your system assigned username to something more personal in your community settings. X

Azure AD and Thingworx SSO configuration

Go to solution
Velkumar
18-Opal
18-Opal
‎Feb 11, 2020 05:32 AM
‎Feb 11, 2020 05:32 AM

Azure AD and Thingworx SSO configuration

Hi all,

 

I'm trying to configure SSO for Thingworx, I followed this link, I got stuck at 'Browser SSO' configuration. (PFB PNG for reference)

 

SSO.PNG

 

Could any one help me with this.

 

Thanks in advance

 

/VR

0 Kudos
Notify Moderator
ACCEPTED SOLUTION

Accepted Solutions
raluca_edu
17-Peridot
17-Peridot
(To:Velkumar)
‎Feb 19, 2020 07:30 AM
‎Feb 19, 2020 07:30 AM

Hi,

 

Steps to create a self-signed Application Layer certificate for PingFederate

  1. On the Digital Signature Settings, click on Manage Certificates
    1. On the Manage Digital Signing Certificate click on Create New
      1. Fill in the mandatory fields like
        1. Common Name = PingFederate
        2. Organization = your organization
  • Country = your country
  1. Validity = 3650
  1. Leave rest values as default and click Next
  2. Click Done on the Summary page
  1. Click Save on the Manage Digital Signing Certificate Page
  1. You will be now back to Digital Signature Settings Page

 

  1. Click on the checkbox “INCLUDE THE CERTIFICATE IN THE SIGNATURE <KEYINFO> ELEMENT.”

raluca_edu_0-1582115406517.png

 

  1. Click Next on the Digital Signature Settings Page
  2. On the Signature Verification Settings tab, click on Manage Signature Verification Settings
    1. On the Trust Model, select “UNANCHORED
    2. On the Signature Verification Certificate, select the Thingworx SP Signing Certificate and click Next.

 

When you visit this tab for the first time, there will be no certificate in the dropdown list. You can import the public part of the Thingworx signing certificate and choose it as Signature Verification Certificate

 

  • Click Done on the Summary page

View solution in original post

Notify Moderator
8 REPLIES 8
raluca_edu
17-Peridot
17-Peridot
(To:Velkumar)
‎Feb 11, 2020 11:37 AM
‎Feb 11, 2020 11:37 AM

Hi,

 

Follow these steps:

 

  1. In the PingFederate GUI navigate to the IDP Configuration page and locate the SP Connections section and click Create New.
  2. On the Connection Type tab, select the Browser SSO Profiles option to specify SAML 2.0 protocol.
  3. On the Connection Options tab, confirm Browser SSO is selected and click Next.
  4. On the Import Metadata tab, None should be selected. Click Next to accept this default.
  5. On the General Info tab, perform the following:
    1. Set Partner’s Entity ID (Connection ID) to a unique value. Make a note of this ID because you will use it when configuring the ThingWorx ssosettings.json file.
    2. Provide a descriptive name for the Connection Name This is the name that will be displayed in the PingFederate SP Connection list.
    3. Set Base URL to the URL where your web application (ThingWorx) service provider is hosted.

Example: http://<hostname>:8080

  1. On the Browser SSO tab, click Configure Browser SSO and perform the following instructions:
    1. On the SAML Profiles tab, select IDP-INITIATED SSO and SP-INITIATED SSO. Do not select any options in the Single Logout (SLO) Profiles column.
    2. On the Assertion Lifetime tab, specify:
      1. Minutes Before: 60
      2. Minutes After: 480

.......

 

Hope it helps,

Raluca Edu

0 Kudos
Notify Moderator
Velkumar
18-Opal
18-Opal
(To:raluca_edu)
‎Feb 11, 2020 11:00 PM
‎Feb 11, 2020 11:00 PM

Hi @raluca_edu 

 

Thanks for your response.

 

I followed your procedure, I have imported federation.xml file from Azure AD. While configuring, I got stuck in this page.

 

Velkumar_0-1581480184463.png

 

/VR

 

0 Kudos
Notify Moderator
raluca_edu
17-Peridot
17-Peridot
(To:Velkumar)
‎Feb 12, 2020 04:40 AM
‎Feb 12, 2020 04:40 AM

Hi,

 

Click Configure User-Session Creation and set it up.

After that configuration, always click next and you will be guided in the next step in PingFederate.

 

Best regards,

Raluca Edu

 

0 Kudos
Notify Moderator
Velkumar
18-Opal
18-Opal
(To:raluca_edu)
‎Feb 17, 2020 01:01 AM
‎Feb 17, 2020 01:01 AM

Hi @raluca_edu 

 

Is there any document which cover complete setup process. Because I'm new to SSO configuration, I feel very difficult to configure SSO.

 

Again I got stuck in this page,

Velkumar_0-1581919291840.png

 

/VR

 

 

 

0 Kudos
Notify Moderator
raluca_edu
17-Peridot
17-Peridot
(To:Velkumar)
‎Feb 17, 2020 03:10 AM
‎Feb 17, 2020 03:10 AM

Hi,

 

For documentation, please check PTC Single Sign-on Architecture and Configuration Overview Guidehttps://www.ptc.com/support/-/media/FF578D3876DE4C12ABB1E3EB4E1DA191.pdf?sc_lang=en

and this article: https://www.ptc.com/en/support/article/CS271789

 

Hope it helps,

Raluca Edu

0 Kudos
Notify Moderator
Velkumar
18-Opal
18-Opal
(To:raluca_edu)
‎Feb 18, 2020 11:46 PM
‎Feb 18, 2020 11:46 PM

Hi @raluca_edu 

 

Could you tell me how to configure certificate in PingFederate server ?

 

Velkumar_0-1582087588768.png

/VR

0 Kudos
Notify Moderator
raluca_edu
17-Peridot
17-Peridot
(To:Velkumar)
‎Feb 19, 2020 07:30 AM
‎Feb 19, 2020 07:30 AM

Hi,

 

Steps to create a self-signed Application Layer certificate for PingFederate

  1. On the Digital Signature Settings, click on Manage Certificates
    1. On the Manage Digital Signing Certificate click on Create New
      1. Fill in the mandatory fields like
        1. Common Name = PingFederate
        2. Organization = your organization
  • Country = your country
  1. Validity = 3650
  1. Leave rest values as default and click Next
  2. Click Done on the Summary page
  1. Click Save on the Manage Digital Signing Certificate Page
  1. You will be now back to Digital Signature Settings Page

 

  1. Click on the checkbox “INCLUDE THE CERTIFICATE IN THE SIGNATURE <KEYINFO> ELEMENT.”

raluca_edu_0-1582115406517.png

 

  1. Click Next on the Digital Signature Settings Page
  2. On the Signature Verification Settings tab, click on Manage Signature Verification Settings
    1. On the Trust Model, select “UNANCHORED
    2. On the Signature Verification Certificate, select the Thingworx SP Signing Certificate and click Next.

 

When you visit this tab for the first time, there will be no certificate in the dropdown list. You can import the public part of the Thingworx signing certificate and choose it as Signature Verification Certificate

 

  • Click Done on the Summary page
Notify Moderator
slangley
23-Emerald II
23-Emerald II
(To:Velkumar)
‎Feb 21, 2020 02:11 PM
‎Feb 21, 2020 02:11 PM

Hi @Velkumar.

 

If one of the previous responses answered your question, please mark the appropriate one as the Accepted Solution for the benefit of others with the same question.

 

Regards.

 

--Sharon

0 Kudos
Notify Moderator
Announcements


Contact Community Management
Top Tags