Community Tip - Visit the PTCooler (the community lounge) to get to know your fellow community members and check out some of Dale's Friday Humor posts! X
Hi,
I'm working on integrating ThingWorx 9.1 with a 3rd party IdP product (not microsoft active directory and azure). In this case , I could use PingFederate as Service Provider to the IdP and use SAML authentication to get the user info according to the help document.
However , the IdP product seems only support OAuth2.0 and PingFederate as SP doesn't support OAuth2.0 (see the attached picture).
So, what's the official solution for the case to enabling SSO ?
Is it feasible to create a customized authenticator which communicates with IdP via OAuth2.0 to authenticate user and get user info ? The customer use Flow as well and ThingWorx servers are deployed in cluster mode , will this situation affect the customized authenticator ?
Regards,
Sean
Solved! Go to Solution.
All the supported ThingWorx SSO architecture are based on SAML and Oauth with Pingfederate and your IDP. Still if you want to study what are the various option/API for custom authenticator in ThingWorx you can go through this - https://www.ptc.com/en/support/article/CS244163
Thanks,
Mukul Narang
Are you trying to authenticate the user using OAuth2.0 ? PingFederate does support OAuth2.0 for authorization support(for access and refresh tokens - https://docs.pingidentity.com/bundle/pingfederate-90/page/adminGuide/oAuth2.0.html#:~:text=OAuth%202.0%20defines%20a%20protocol,and%20non%2DREST%20APIs).&text=The%20attributes%20are%20used%20by,the%20call%20and%20authorize%20access.
). For Authentication PingFederate use SAML and for authorization OAuth2.0 , I hope your 3rd party IDP must be using something for user authentication, as OAuth2.0 is not an authentication protocol - https://oauth.net/articles/authentication/
Let me know if I understood your query in wrong fashion.
Thanks,
Mukul Narang
@mnarang ,
I understand OAuth2.0 is not an authentication protocol.
The IdP system they're using does support SAML 2.0, but it needs the IdP system provider to assign their engineer to work with us and may cause additional cost. So the customer ask all of software providers , not only us, to use the OAuth URL APIs to integrate with their IdP system, the URLs include how to get authorization code and how to get the authorization token, the token value contains a user id field . The IdP client then need to save the token in
So I wonder if it's feasible to create a customized SSO authenticator ?
Regards,
Sean
All the supported ThingWorx SSO architecture are based on SAML and Oauth with Pingfederate and your IDP. Still if you want to study what are the various option/API for custom authenticator in ThingWorx you can go through this - https://www.ptc.com/en/support/article/CS244163
Thanks,
Mukul Narang
Hi @seanccc.
If you feel your question has been answered, please mark the appropriate response as the Accepted Solution for the benefit of others with the same question.
Regards.
--Sharon