We are using a 3rd party user data provider, LDAP, with a WebService that needs certificate authentication. In this scenario, ThingWorx is the client, so I configured the Tomcat/Java arguments like this:
-Djavax.net.ssl.trustStore=C:/Users/user/Downloads/truststore.jks
-Djavax.net.ssl.trustStorePassword=
-Djavax.net.ssl.keyStore=C:/Users/user/Downloads/ws.jks
-Djavax.net.ssl.keyStorePassword=password
But when I make an HTTPS request, I noticed that the certificate authentication doesn't work (HTTP 403) in ThingWorx. From the SSL debug logs it seems that ThingWorx does not use the provided certificates. The keystores are correct, my Java test app works as expected with them, so we can rule that out.
Currently, there is an open support ticket with PTC.
Has anyone tried to achieve that? How to configure Tomcat? Any ideas why it is not working?
Environment:
ThingWorx: 7.3.3-b67
Tomcat: 8.0.42
Content loader functions do not support the SSL context from the underlying Java; as a result, no request from JS gets authorized with certificates.
The Tomcat configuration is correct, you just have to use Java to build custom functionality.
Adding this for TS reference, support number: 13662500
Are you just trying to configure Tomcat in 443? There is documentation on this in KCS.
No, as a client to another server.
Example I received from support:
String username = ....;
String groupName = ...;
// Open a transaction and run the following calls as the super user.
TransactionFactory.beginTransactionRequired();
ThreadLocalContext.setSecurityContext(SecurityContext.createSuperUserContext());
// Look up the EntityServices resource and create the user.
EntityServices x = (EntityServices) EntityUtilities.findEntity("EntityServices", ThingworxRelationshipTypes.Resource);
// Note: the username is also passed as the fourth argument.
x.CreateUser(username, null, null, username);
User user = (User) EntityUtilities.findEntity(username, ThingworxRelationshipTypes.User);
Group grp = (Group) EntityUtilities.findEntity(groupName, ThingworxRelationshipTypes.Group);
// Add the user to the group only if the group exists.
if (grp != null) {
    user.addGroup(grp);
}
TransactionFactory.endTransactionRequired();
Is there any place where you can find examples like this?
For example how do I figure that I have to first invoke:
That is something that I am not able to get from JavaDoc…
Hi @jgabriel, did you solve the above problem? If so, please help me with how to resolve it, because I am also facing the same problem with certificate-based client authentication.
JavaScript content loader functions are unable (tested on TW 7.3) to use certificates.
Please see: https://serverfault.com/questions/845141/where-to-put-certificates-in-tomcat-when-app-acts-as-client
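The thread's conclusion is that the client certificate has to be handled in custom Java code. As an added example (not code from this thread, PTC support, or ThingWorx), here is one way plain Java can build its own SSLContext from the two keystores instead of relying on the javax.net.ssl.* system properties. The class name, the environment variable names, and the endpoint URL are assumptions, and the key entry is assumed to share the keystore password.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Objects;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsClient {
    // Read a password from the environment so it is not passed as a JVM argument.
    static char[] secret(String envName) {
        return Objects.requireNonNull(System.getenv(envName), envName + " is not set").toCharArray();
    }

    // Load a JKS file; the password also verifies the store's integrity.
    static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    // Context that presents the client key and trusts only the CAs in the truststore.
    static SSLContext buildContext(KeyStore keys, char[] keyPw, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPw); // assumption: key password equals keystore password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] keyPw = secret("WS_KEYSTORE_PASSWORD");     // hypothetical variable name
        char[] trustPw = secret("WS_TRUSTSTORE_PASSWORD"); // hypothetical variable name
        KeyStore keys = loadJks("C:/Users/user/Downloads/ws.jks", keyPw);
        KeyStore trust = loadJks("C:/Users/user/Downloads/truststore.jks", trustPw);
        // Placeholder endpoint; replace with the real web service URL.
        URL url = new URL("https://ldap-ws.example.invalid/users");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        // Scope the client certificate to this connection, not the whole JVM.
        conn.setSSLSocketFactory(buildContext(keys, keyPw, trust).getSocketFactory());
        // A 403 means TLS completed but no acceptable client certificate was seen.
        System.out.println("HTTP status: " + conn.getResponseCode());
        conn.disconnect();
    }
}
```

Running it with -Djavax.net.debug=ssl:handshake shows whether a certificate message is actually sent, which is the same check the SSL debug logs in the question were used for.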