cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Visit the PTCooler (the community lounge) to get to know your fellow community members and check out some of Dale's Friday Humor posts! X

Complete example of Custom Authenticator

wvalencak
2-Explorer

Complete example of Custom Authenticator

Hello,

Is there a complete example of a custom authenticator extension?  I have tried to create one from the HelloWorld extension, then extensions manual and the wiki entry for custom authenticators, but Thingworx doesn't detect it as an Authenticator. 

I have uploaded my eclipse project into the uploads area as SterisAuthenticator.zip and the built extension as SterisAuthenticator_extension.zip

13 REPLIES 13

William,

You're off to a good start. Your Authenticator project is structured properly, but there is an issue with your configuration that prevents ThingWorx from creating your Authenticator. After importing the extension that you provided, the following message appeared in the Application Log:


*** Unable to create Authenticator instance in Authenticator: AuthName=SterisAuthenticator, ClassName=com.steris.thingworx.extensions.SterisAuthenticators ***


You specified the className in metadata.xml when defining an Authenticator, however your class's name is actually

SterisAuthenticator

. After correcting this typo, the extension imports and the Authenticator is created.


I haven't seen you post in this forum previously, so I just want to mention that while you are free to post questions in this forum, we also have a new support site at support.ptc.com which has replaced the private forums that were used in the past to provide support. If you have any questions about the new support site, you can respond here and I'll get in touch with you by email.


Regards,

Adam



cpitts
1-Visitor
(To:adam11)

Hey.  Nevermind.  I got it to work.  I am curious if there's a java function to call in the CustomAuthenticator to make sure that it doesn't fall through to any other authentication types as I need to force the custom authentication to be the only authentication allowed.

Hello there

I know it's been long but I hope someone still has this authenticator, or another one, or any example to help me make one myself, pretty please.

if not, I still have some question unanswered :

- does this work like a classic Servlet and Thingworx doesn't do any magic with it, like changing the content or the headers of the request or the response

- what exactly is mandatory so I can use it to authenticate from a custom html form and get connected to Thingworx through an Organization and be on the mashup, if possible without the ugly URL (or, for starters, just emulating the FormLogin page)

I am also looking for a similar example. I just started with Authenticators any help will be appreciated.

ttielebein
14-Alexandrite
(To:wvalencak)

Hello, please check out this recently published KCS Article Overview on Custom Authenticators

jgabriel
13-Aquamarine
(To:ttielebein)

Hello,

I was following this article and I got stuck on few thing I could not find explained in docs. Basically I am trying to implement SSO with external system. My meta code is present here: Thingworx custom auth​.

Simply put I would like to implement this functionality:

public void authenticate(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws AuthenticatorException {

  // Check if user exists, if not create him with name this.user.

  // Check if this.groups exist and if not add them with no permissions.

  // Check this.user membership in groups by this.groups and add or remove him accordingly.

  // Login user.

  this.setCredentials(WebsealAuth.user);

}

I was trying to experiment like this:

User usr = (User)EntityUtilities.findEntity("Test", ThingworxRelationshipTypes.Users);

and


EntityServices es = new EntityServices();

InfoTable it = es.GetEntityList("User", null, null, 1.0);

es.CreateUser(username, "User Desc.", null, "randompassword");

with no luck, getting only null. What am I doing wrong?

Any tips and improvements on code or debugging​ flows (same problems) are welcomed.

Problem is pretty straight forward, so in case of comprehensive solution, we can probably use this as example for future reference somewhere.

Best regards Jan.

jgabriel
13-Aquamarine
(To:ttielebein)

Could you please clarify issueAuthenticationChallenge method?

No matter setRequiresChallenge(true/false), I always end up there... how do I gracefully fail, log massage and pass to another Auth?

This is what I come up with: Thingworx custom AutoAuth · GitHub and it works but only if I throw AuthenticatorException in issueAuthenticationChallenge  method.

jgabriel
13-Aquamarine
(To:jgabriel)

There is something I was able to come up with...

GitHub - Foxoncz/tw-autoauth-ext

setRequiresChallenge(true/false) is not clear to me and I was unable to communicate with platform...

Hi everyone,

Not long after I posted this question, I finally got something to work a bit

I'm posting it here only now after getting many notifications, several months after the original non-answer because I stopped working with TW and could not find it on my disk

Now I found it again, it's clearly not perfect, and maybe it does not even work on more recent versions (6.5 I think at the time) but I hope it helps, (and it did work back then, with my own JSP/J2EE login page !).

You can access it HERE

If there's any questions I'll continue to answer them. (i'll be quicker if you post issues on Github )

Good luck

Hi,

I have created custom authenticator and trying to send UserName and Password but i need to know the url, how to access the custom authenticator ?

ttielebein
14-Alexandrite
(To:tayyasamy)

If the custom authenticator is imported and enabled in ThingWorx, it will be accessed automatically. The login process runs through each authenticator in order of priority and calls the matchesAuthRequest method first to determine if the authenticator fits in that situation.

We're currently also discussing this issue within Case 13319467

There might be multiple authentication mechanisms required within the Webseal environment. What I've seen from the customer so far on Windchill integration side, there are multiple Webseals that first need to allow communication between two servers before the involved parties can authenticate against each other.

jgabriel
13-Aquamarine
(To:wvalencak)

Here is complete example of autentificator that parses header:

Thingworx custom header Authentificator with optional blacklist or whitelists. · GitHub

Announcements


Top Tags