cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Visit the PTCooler (the community lounge) to get to know your fellow community members and check out some of Dale's Friday Humor posts! X

Is it possible to create customzed SSO authenticator ?

Go to solution
seanccc
17-Peridot
17-Peridot
‎Feb 08, 2021 05:14 AM
‎Feb 08, 2021 05:14 AM

Is it possible to create customzed SSO authenticator ?

Hi, 

I'm working on integrating ThingWorx 9.1 with a 3rd party IdP product (not microsoft active directory and azure).  In this case , I could use PingFederate as Service Provider to the IdP and use SAML authentication to get the user info according to the help document.   

However ,  the IdP product seems only support OAuth2.0 and PingFederate as SP doesn't support OAuth2.0 (see the attached picture).   

So, what's the official solution for the case to enabling SSO ?   

Is it feasible to create a  customized authenticator which communicates with IdP via OAuth2.0 to authenticate user and get user info ?   The customer use Flow as well and ThingWorx servers are deployed in cluster mode ,  will this situation affect the customized authenticator ? 

 

Regards,

Sean

 

seanccc_1-1612778809638.png

 

 

Labels:
0 Kudos
Notify Moderator
1 ACCEPTED SOLUTION

Accepted Solutions
mnarang
17-Peridot
17-Peridot
(To:seanccc)
‎Feb 09, 2021 09:02 AM
‎Feb 09, 2021 09:02 AM

All the supported ThingWorx SSO architecture are based on SAML and Oauth with Pingfederate and your IDP. Still if you want to study what are the various option/API for custom authenticator in ThingWorx you can go through this - https://www.ptc.com/en/support/article/CS244163

 

 

 

Thanks,

Mukul Narang

View solution in original post

0 Kudos
Notify Moderator
4 REPLIES 4
mnarang
17-Peridot
17-Peridot
(To:seanccc)
‎Feb 08, 2021 06:18 AM
‎Feb 08, 2021 06:18 AM

Are you trying to authenticate the user using OAuth2.0 ? PingFederate does support OAuth2.0 for authorization support(for access and refresh tokens - https://docs.pingidentity.com/bundle/pingfederate-90/page/adminGuide/oAuth2.0.html#:~:text=OAuth%202.0%20defines%20a%20protocol,and%20non%2DREST%20APIs).&text=The%20attributes%20are%20used%20by,the%20call%20and%20authorize%20access.

). For Authentication PingFederate use SAML and for authorization OAuth2.0 , I hope your 3rd party IDP must be using something for user authentication, as OAuth2.0 is not an authentication protocol - https://oauth.net/articles/authentication/

 

Let me know if I understood your query in wrong fashion.

 

Thanks,

Mukul Narang

0 Kudos
Notify Moderator
seanccc
17-Peridot
17-Peridot
(To:mnarang)
‎Feb 09, 2021 02:26 AM
‎Feb 09, 2021 02:26 AM

@mnarang ,

I understand OAuth2.0 is not an authentication protocol.

 

The IdP system they're using does support  SAML 2.0,  but it needs the IdP system provider to assign their engineer to work with us and may cause additional cost.   So the customer ask all of software providers , not only us,  to use the OAuth URL APIs to integrate with their IdP system, the URLs include how to get authorization code and how to get the authorization token, the token value contains a user id field .   The IdP client then need to save the token in

 

So I wonder if it's feasible to create a customized SSO authenticator ? 

 

Regards,

Sean

0 Kudos
Notify Moderator
mnarang
17-Peridot
17-Peridot
(To:seanccc)
‎Feb 09, 2021 09:02 AM
‎Feb 09, 2021 09:02 AM

All the supported ThingWorx SSO architecture are based on SAML and Oauth with Pingfederate and your IDP. Still if you want to study what are the various option/API for custom authenticator in ThingWorx you can go through this - https://www.ptc.com/en/support/article/CS244163

 

 

 

Thanks,

Mukul Narang

0 Kudos
Notify Moderator
slangley
23-Emerald II
23-Emerald II
(To:seanccc)
‎Feb 18, 2021 03:37 PM
‎Feb 18, 2021 03:37 PM

Hi @seanccc.

 

If you feel your question has been answered, please mark the appropriate response as the Accepted Solution for the benefit of others with the same question.

 

Regards.

 

--Sharon

0 Kudos
Notify Moderator
Top Tags