Thank you for the quick reply.

I was able to do the redirection.

So now, whenever they type the server, it redirects to ThingWorx.

Maybe it's unclear for the second part.

instead of having this Authentication prompt message(img1), I would like to get to the FormLogin (img2) without having to type /FormLogin/Everyone

I would like to redirect to this :

Okay, thank you.

I know it is possible as my customer, who is using ThingWorx 6.5 is doing it.

I would want to do the same for an internal server..

I wanted to find out how to do it, instead of asking them.

If you do find how to do it, it would be nice to let me know.

Otherwise, I will ask my customer.

Good Thank you ! The second link has worked for me !

Glad it worked! Thank you for your time and patience.

Can you please help with my case which is similar to the above solution:

1. 1. We are currently using composer for development activity
2. 2. We are having the mashups for an application which uses Form-Login that runs on the same Thingworx
3. 3. If I use the custom auth https://community.thingworx.com/message/55908#55908 , it fails for composer login. I would need the code snippet for issueAuthenticationChallenge method to redirect the session timeout popup to specific mashup page and this should work only for mashup application and not for composer flow.

Please help me with this.

Frederik Grondin​ is this the method you have used in your implementation?

Here is the code of the Authenticator.

Basically, whenever you are pressing the Login button in the browser, It will execute the Method Authenticate.

In there, you basically implement your logic to authenticate. In this code, if either the user or the password is empty, it throws an error. In the Catch block, it's setting redirect to true and setRequiresChallenge to true (which will execute the method IssueAuthenticationChallenge). In that method, if redirect is true, then it redirects the user to formLogin....

If the user is good then continue to the home mashup set in the organization.

import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.thingworx.common.SharedConstants;
import com.thingworx.security.authentication.AuthenticationUtilities;
import com.thingworx.security.authentication.AuthenticatorException;
import com.thingworx.security.authentication.CustomAuthenticator;
import ch.qos.logback.classic.Logger;
public class LoginAuthenticator extends CustomAuthenticator {
    private String user;  
    private String requestUrl;  
    private String password;  
    private boolean isFormLogin;  
    private boolean isRedirect; 
public LoginAuthenticator() {
        user = null;  
        requestUrl = null;  
        password = null;  
        isFormLogin = true;  
        isRedirect = false;  
}
@Override
    public boolean matchesAuthRequest(HttpServletRequest httpRequest)  
            throws AuthenticatorException  
        {  
            requestUrl = httpRequest.getRequestURL().toString();  
            if((!requestUrl.contains("action-login")) & (!requestUrl.contains("FormLogin")))  
            {  
                isFormLogin = false;  
                isRedirect = true;  
                setRequiresChallenge(true);  
            } else  
            if(requestUrl.contains("action-login"))  
            {  
                user = httpRequest.getParameter("thingworx-form-userid");  
                password = httpRequest.getParameter("thingworx-form-password");  
            }  
            return true;  
        }  
       
@Override
   public void authenticate(HttpServletRequest httpRequest, HttpServletResponse httpResponse)  
        throws AuthenticatorException  
    {  
        try {
if(user.isEmpty() || password.isEmpty()){
getApplicationLogger().error("The username or password is empty");
throw(new AuthenticatorException("The username or password is empty"));
}
AuthenticationUtilities.validateCredentials(user, password);
            setCredentials(user, password);  
AuthenticationUtilities.getSecurityMonitorThing().fireSuccessfulLoginEvent("<a valid account with rights to the Mashup>", SharedConstants.EMPTY_STRING);
} catch (Exception e) {
// TODO Auto-generated catch block
isRedirect = true;
super.setRequiresChallenge(true);
e.printStackTrace();
}
    }  
@Override
   public void issueAuthenticationChallenge(HttpServletRequest httpRequest, HttpServletResponse httpResponse)  
        throws AuthenticatorException  
    {  
        if(isRedirect)  
        {  
            String urlString = "/Thingworx/FormLogin/Everyone";//replace with your own organization  
            try  
            {  
                httpResponse.sendRedirect(urlString);  
            }  
            catch(IOException e)  
            {  
                e.printStackTrace();  
            }  
        }  
    }  
}