Community Tip - Want the oppurtunity to discuss enhancements to PTC products? Join a working group! X
We are using 3rd party user data provider, LDAP, with WebService that needs certificate authentication. In this scenerio, Thingworx is client, so I configured tomcat/java arguments like this:
-Djavax.net.ssl.trustStore=C:/Users/user/Downloads/truststore.jks
-Djavax.net.ssl.trustStorePassword=
-Djavax.net.ssl.keyStore=C:/Users/user/Downloads/ws.jks
-Djavax.net.ssl.keyStorePassword=password
But when I make an HTTPS request, I noticed that the certificate authentication doesn't work (HTTP 403) in ThingWorx. From SSL debug logs it seems, that Thingworx does not use provided certificates. Keystores are cotrrect, my java test app works as expected with them, so we can rule that out.
Currently, there is opened support ticket with PTC.
Does anyone tried to achieve that? Hot to configure Tomcat? Any ideas, why it is not working?
Environment:
ThingWorx: 7.3.3-b67
Tomcat: 8.0.42
Solved! Go to Solution.
Content loader functions does not support ssl contex from underling JAVA, as result no request from JS gets authorized with certificates.
Tomcat configuration is correct, you just have to use JAVA to build custom functionality.
Adding this for TS reference, support number:
13662500 |
Are you just trying to configure Tomcat in 443? There is documentation on this in KCS.
No, as a client to other server.
Content loader functions does not support ssl contex from underling JAVA, as result no request from JS gets authorized with certificates.
Tomcat configuration is correct, you just have to use JAVA to build custom functionality.
Example i recieved from support:
String username = ....;
String groupName = ...;
TransactionFactory.beginTransactionRequired();
ThreadLocalContext.setSecurityContext(SecurityContext.createSuperUserContext());
EntityServices x = (EntityServices) EntityUtilities.findEntity("EntityServices", ThingworxRelationshipTypes.Resource);
x.CreateUser(username, null, null, username);
User user = (User) EntityUtilities.findEntity(username, ThingworxRelationshipTypes.User);
Group grp = (Group) EntityUtilities.findEntity(groupName, ThingworxRelationshipTypes.Group);
if (grp != null) {
user.addGroup(grp);
}
TransactionFactory.endTransactionRequired();
Is there any place where you can find examples like this?
For example how do I figure that I have to first invoke:
That is something that I am not able to get from JavaDoc…
Hi @jgabriel did u solve above problem if solved means help me to how to resolve that problem regarding certificate based client authentication because i am also facing same problem....
Javascript content loader functions are unable (tested on TW 7.3) to use certificates.
Please see: https://serverfault.com/questions/845141/where-to-put-certificates-in-tomcat-when-app-acts-as-client