How to configure ThingWorx as a client with certificate authentication.

jgabriel
13-Aquamarine

We are using a 3rd-party user data provider, LDAP, with a WebService that needs certificate authentication. In this scenario, ThingWorx is the client, so I configured the Tomcat/Java arguments like this:

-Djavax.net.ssl.trustStore=C:/Users/user/Downloads/truststore.jks

-Djavax.net.ssl.trustStorePassword=

-Djavax.net.ssl.keyStore=C:/Users/user/Downloads/ws.jks

-Djavax.net.ssl.keyStorePassword=password


But when I make an HTTPS request, I noticed that the certificate authentication doesn't work (HTTP 403) in ThingWorx. From the SSL debug logs it seems that ThingWorx does not use the provided certificates. The keystores are correct; my Java test app works as expected with them, so we can rule that out.


Currently, there is an open support ticket with PTC.

Has anyone tried to achieve that? How to configure Tomcat? Any ideas why it is not working?

Environment:

ThingWorx: 7.3.3-b67

Tomcat: 8.0.42

ACCEPTED SOLUTION

jgabriel
13-Aquamarine
(To:jgabriel)

Content loader functions do not support the SSL context from the underlying Java; as a result, no request from JS gets authorized with certificates.

The Tomcat configuration is correct; you just have to use Java to build custom functionality.


7 REPLIES
posipova
20-Turquoise
(To:jgabriel)

Adding this for TS reference, support number:

13662500
ttielebein
14-Alexandrite
(To:jgabriel)

Are you just trying to configure Tomcat in 443? There is documentation on this in KCS.

jgabriel
13-Aquamarine
(To:ttielebein)

No, as a client to another server.

jgabriel
13-Aquamarine
(To:jgabriel)

Example I received from support:

String username = ....;
String groupName = ...;

// Open a transaction for the entity changes below
TransactionFactory.beginTransactionRequired();
// Run the following calls in a super-user security context
ThreadLocalContext.setSecurityContext(SecurityContext.createSuperUserContext());
EntityServices x = (EntityServices) EntityUtilities.findEntity("EntityServices", ThingworxRelationshipTypes.Resource);
x.CreateUser(username, null, null, username);
User user = (User) EntityUtilities.findEntity(username, ThingworxRelationshipTypes.User);
Group grp = (Group) EntityUtilities.findEntity(groupName, ThingworxRelationshipTypes.Group);
// Add the new user to the group only if the group exists
if (grp != null) {
    user.addGroup(grp);
}
TransactionFactory.endTransactionRequired();

Is there any place where you can find examples like this?


For example, how do I figure out that I have to first invoke:

ThreadLocalContext.setSecurityContext(SecurityContext.createSuperUserContext());

That is something that I am not able to get from JavaDoc…

sarathi
14-Alexandrite
(To:jgabriel)

Hi @jgabriel, did you solve the above problem? If solved, please help me with how to resolve that problem regarding certificate-based client authentication, because I am also facing the same problem....

jgabriel
13-Aquamarine
(To:sarathi)

Javascript content loader functions are unable (tested on TW 7.3) to use certificates.

 

Please see: https://serverfault.com/questions/845141/where-to-put-certificates-in-tomcat-when-app-acts-as-client
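
The accepted solution in this thread says the certificate-authenticated call has to be made from custom Java code. As an added example (not from the thread, PTC support or ThingWorx), this plain-JDK client builds its own SSLContext from the two JKS files in the question instead of relying on the javax.net.ssl.* system properties. The class name, endpoint URL and environment variable names are assumptions, and the key password is assumed to equal the keystore password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsClient { // hypothetical class name
    // Load a JKS file. A null password skips the store integrity check (acceptable for a truststore).
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Context that presents the client key and trusts only the CAs in the truststore.
    static SSLContext buildContext(String keyPath, char[] keyPass,
                                   String trustPath, char[] trustPass) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyPath, keyPass), keyPass); // assumes key password == store password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustPath, trustPass));
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Passwords come from the environment (assumed variable names), not from the source.
        String kp = System.getenv("WS_KEYSTORE_PASS");
        String tp = System.getenv("WS_TRUSTSTORE_PASS");
        if (kp == null) throw new IllegalStateException("WS_KEYSTORE_PASS is not set");
        SSLContext ctx = buildContext("C:/Users/user/Downloads/ws.jks", kp.toCharArray(),
                "C:/Users/user/Downloads/truststore.jks", tp == null ? null : tp.toCharArray());

        // Hypothetical endpoint standing in for the certificate-protected web service.
        HttpsURLConnection conn =
                (HttpsURLConnection) new URL("https://ws.example.com/users").openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory()); // scoped to this connection, not JVM-wide
        try {
            System.out.println("HTTP " + conn.getResponseCode()); // handshake happens here
        } finally {
            conn.disconnect();
        }
    }
}
```

Running it with -Djavax.net.debug=ssl:handshake shows whether the client actually sends its certificate when the server requests one. Hostname verification is left at the HttpsURLConnection default, so the server certificate must match the host in the URL.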
