cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Want the oppurtunity to discuss enhancements to PTC products? Join a working group! X

Redirection on session timeout

rkansabanik
2-Explorer

Redirection on session timeout

How to redirect to organization form login page after thingworx session timeout ie, the time set in UserManagementSubsystem?

4 REPLIES 4
PaiChung
22-Sapphire I
(To:rkansabanik)

I believe the only way right now is to use a custom Authenticator (although the authenticator could just be the piece to capture the timeout and redirect and not do any auth)

AnnaAn
14-Alexandrite
(To:rkansabanik)

Hi Reetam Kansabanik,

Like Pai mentioned, you would need a custom authenticator that when you find they are no longer authenticated, issue a server side “soft redirect” to their login page. We don’t have out of the box support for this in ThingWorx, so you need create an extension yourself.

 

1. please download ThingWorx Extension SDK from:https://support.ptc.com/appserver/auth/it/esd/product.jsp?prodFamily=TWX  

 

2.  Create an extension yourself following generic procedures how to create an extension. Remember to create a new java class extending CustomAuthenticator.

Example code that does this:

 

public class AuthenticatorImpl extends CustomAuthenticator
{
     private String user;
     private String requestUrl;
     private String password;
     private boolean isFormLogin;
     private boolean isRedirect;

 

    public AuthenticatorImpl()
     {
         user = null;
         requestUrl = null;
         password = null;
         isFormLogin = true;
         isRedirect = false;
     }

 

    public boolean matchesAuthRequest(HttpServletRequest httpRequest)
         throws AuthenticatorException
     {
         requestUrl = httpRequest.getRequestURL().toString();
         if((!requestUrl.contains("action-login")) & (!requestUrl.contains("FormLogin")))
         {
             isFormLogin = false;
             isRedirect = true;
             setRequiresChallenge(true);
         } else
         if(requestUrl.contains("action-login"))
         {
             user = httpRequest.getParameter("thingworx-form-userid");
             password = httpRequest.getParameter("thingworx-form-password");
         }
         return true;
     }

 

    public void authenticate(HttpServletRequest httpRequest, HttpServletResponse httpResponse)
         throws AuthenticatorException
     {
         setCredentials(user, password);
     }

 

    public void issueAuthenticationChallenge(HttpServletRequest httpRequest, HttpServletResponse httpResponse)
         throws AuthenticatorException
     {
         if(isRedirect)
         {
             String urlString = "/Thingworx/FormLogin/Everyone";//replace with your own organization
             try
             {
                 httpResponse.sendRedirect(urlString);
             }
             catch(IOException e)
             {
                 e.printStackTrace();

             }
         }
     }

 

}

 

3. Import the extension you created into ThingWorx platform, and then open Security->Authenticators,

you will find the authenticator you created, and please set a priority and click Enabled to take it into effect.

4. Next time when session time out or you manually log out, it will redirect you back to the Form login page.

Hope this helps,

Br,

Anna

 

 

AnnaAn
14-Alexandrite
(To:rkansabanik)

Hi Reetam Kansabanik,

Could you let us know of your new update for this issue? Is your issue resolved? Please mark correct answer or Helpful for the answer for the answers that helps you then we could close this topic and others will know how to do with the similar issue.

Thanks,

Br,

Anna

Can you please help with my case which is similar to the above solution:

  1. 1. We are currently using composer for development activity
  2. 2. We are having the mashups for an application which uses Form-Login that runs on the same Thingworx
  3. 3. If I use the custom auth https://community.thingworx.com/message/55908#55908 , it fails for composer login. I would need the code snippet for issueAuthenticationChallenge method to redirect the session timeout popup to specific mashup page and this should work only for mashup application and not for composer flow.

Please help me with this.

Announcements


Top Tags