cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Redirection on session timeout

Highlighted
Level 1

Redirection on session timeout

How to redirect to organization form login page after thingworx session timeout ie, the time set in UserManagementSubsystem?

5 REPLIES 5

Re: Redirection on session timeout

I believe the only way right now is to use a custom Authenticator (although the authenticator could just be the piece to capture the timeout and redirect and not do any auth)

Re: Redirection on session timeout

Hi Reetam Kansabanik,

Like Pai mentioned, you would need a custom authenticator that when you find they are no longer authenticated, issue a server side “soft redirect” to their login page. We don’t have out of the box support for this in ThingWorx, so you need create an extension yourself.

 

1. please download ThingWorx Extension SDK from:https://support.ptc.com/appserver/auth/it/esd/product.jsp?prodFamily=TWX  

 

2.  Create an extension yourself following generic procedures how to create an extension. Remember to create a new java class extending CustomAuthenticator.

Example code that does this:

 

public class AuthenticatorImpl extends CustomAuthenticator
{
     private String user;
     private String requestUrl;
     private String password;
     private boolean isFormLogin;
     private boolean isRedirect;

 

    public AuthenticatorImpl()
     {
         user = null;
         requestUrl = null;
         password = null;
         isFormLogin = true;
         isRedirect = false;
     }

 

    public boolean matchesAuthRequest(HttpServletRequest httpRequest)
         throws AuthenticatorException
     {
         requestUrl = httpRequest.getRequestURL().toString();
         if((!requestUrl.contains("action-login")) & (!requestUrl.contains("FormLogin")))
         {
             isFormLogin = false;
             isRedirect = true;
             setRequiresChallenge(true);
         } else
         if(requestUrl.contains("action-login"))
         {
             user = httpRequest.getParameter("thingworx-form-userid");
             password = httpRequest.getParameter("thingworx-form-password");
         }
         return true;
     }

 

    public void authenticate(HttpServletRequest httpRequest, HttpServletResponse httpResponse)
         throws AuthenticatorException
     {
         setCredentials(user, password);
     }

 

    public void issueAuthenticationChallenge(HttpServletRequest httpRequest, HttpServletResponse httpResponse)
         throws AuthenticatorException
     {
         if(isRedirect)
         {
             String urlString = "/Thingworx/FormLogin/Everyone";//replace with your own organization
             try
             {
                 httpResponse.sendRedirect(urlString);
             }
             catch(IOException e)
             {
                 e.printStackTrace();

             }
         }
     }

 

}

 

3. Import the extension you created into ThingWorx platform, and then open Security->Authenticators,

you will find the authenticator you created, and please set a priority and click Enabled to take it into effect.

4. Next time when session time out or you manually log out, it will redirect you back to the Form login page.

Hope this helps,

Br,

Anna

 

 

Re: Redirection on session timeout

Hi Reetam Kansabanik,

Could you let us know of your new update for this issue? Is your issue resolved? Please mark correct answer or Helpful for the answer for the answers that helps you then we could close this topic and others will know how to do with the similar issue.

Thanks,

Br,

Anna

Re: Redirection on session timeout

Can you please help with my case which is similar to the above solution:

  1. 1. We are currently using composer for development activity
  2. 2. We are having the mashups for an application which uses Form-Login that runs on the same Thingworx
  3. 3. If I use the custom auth https://community.thingworx.com/message/55908#55908 , it fails for composer login. I would need the code snippet for issueAuthenticationChallenge method to redirect the session timeout popup to specific mashup page and this should work only for mashup application and not for composer flow.

Please help me with this.

Re: Redirection on session timeout

This solution is working fine in case the use tries to navigate to another page after timeout

 

but if the user tries to navigate using sub menu for example , I get a popup with the HTML code of the login page (check attached screenshot)

 

I think that's because switching submenu mashup happens using ajax/javascript , so redirection is sent back from authenticator but it is not handled by mashup, any solution in this case ?