cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Did you know you can set a signature that will be added to all your posts? Set it here! X

Is it possible to create customzed SSO authenticator ?

seanccc
17-Peridot

Is it possible to create customzed SSO authenticator ?

Hi, 

I'm working on integrating ThingWorx 9.1 with a 3rd party IdP product (not microsoft active directory and azure).  In this case , I could use PingFederate as Service Provider to the IdP and use SAML authentication to get the user info according to the help document.   

However ,  the IdP product seems only support OAuth2.0 and PingFederate as SP doesn't support OAuth2.0 (see the attached picture).   

So, what's the official solution for the case to enabling SSO ?   

Is it feasible to create a  customized authenticator which communicates with IdP via OAuth2.0 to authenticate user and get user info ?   The customer use Flow as well and ThingWorx servers are deployed in cluster mode ,  will this situation affect the customized authenticator ? 

 

Regards,

Sean

 

seanccc_1-1612778809638.png

 

 

ACCEPTED SOLUTION

Accepted Solutions
mnarang
17-Peridot
(To:seanccc)

All the supported ThingWorx SSO architecture are based on SAML and Oauth with Pingfederate and your IDP. Still if you want to study what are the various option/API for custom authenticator in ThingWorx you can go through this - https://www.ptc.com/en/support/article/CS244163

 

 

 

Thanks,

Mukul Narang

View solution in original post

4 REPLIES 4
mnarang
17-Peridot
(To:seanccc)

Are you trying to authenticate the user using OAuth2.0 ? PingFederate does support OAuth2.0 for authorization support(for access and refresh tokens - https://docs.pingidentity.com/bundle/pingfederate-90/page/adminGuide/oAuth2.0.html#:~:text=OAuth%202.0%20defines%20a%20protocol,and%20non%2DREST%20APIs).&text=The%20attributes%20are%20used%20by,the%20call%20and%20authorize%20access.

). For Authentication PingFederate use SAML and for authorization OAuth2.0 , I hope your 3rd party IDP must be using something for user authentication, as OAuth2.0 is not an authentication protocol - https://oauth.net/articles/authentication/

 

Let me know if I understood your query in wrong fashion.

 

Thanks,

Mukul Narang

seanccc
17-Peridot
(To:mnarang)

@mnarang ,

I understand OAuth2.0 is not an authentication protocol.

 

The IdP system they're using does support  SAML 2.0,  but it needs the IdP system provider to assign their engineer to work with us and may cause additional cost.   So the customer ask all of software providers , not only us,  to use the OAuth URL APIs to integrate with their IdP system, the URLs include how to get authorization code and how to get the authorization token, the token value contains a user id field .   The IdP client then need to save the token in

 

So I wonder if it's feasible to create a customized SSO authenticator ? 

 

Regards,

Sean

mnarang
17-Peridot
(To:seanccc)

All the supported ThingWorx SSO architecture are based on SAML and Oauth with Pingfederate and your IDP. Still if you want to study what are the various option/API for custom authenticator in ThingWorx you can go through this - https://www.ptc.com/en/support/article/CS244163

 

 

 

Thanks,

Mukul Narang

slangley
23-Emerald II
(To:seanccc)

Hi @seanccc.

 

If you feel your question has been answered, please mark the appropriate response as the Accepted Solution for the benefit of others with the same question.

 

Regards.

 

--Sharon

Announcements


Top Tags