Re: Redirection on session timeout

rkansabanik · ‎Apr 06, 2017

How to redirect to organization form login page after thingworx session timeout ie, the time set in UserManagementSubsystem?

PaiChung · ‎Apr 06, 2017

I believe the only way right now is to use a custom Authenticator (although the authenticator could just be the piece to capture the timeout and redirect and not do any auth)

AnnaAn · ‎Apr 06, 2017

Hi Reetam Kansabanik,

Like Pai mentioned, you would need a custom authenticator that when you find they are no longer authenticated, issue a server side “soft redirect” to their login page. We don’t have out of the box support for this in ThingWorx, so you need create an extension yourself.

1. please download ThingWorx Extension SDK from:https://support.ptc.com/appserver/auth/it/esd/product.jsp?prodFamily=TWX

2. Create an extension yourself following generic procedures how to create an extension. Remember to create a new java class extending CustomAuthenticator.

Example code that does this:

public class AuthenticatorImpl extends CustomAuthenticator
 {
     private String user;
     private String requestUrl;
     private String password;
     private boolean isFormLogin;
     private boolean isRedirect;
  
    public AuthenticatorImpl()
     {
         user = null;
         requestUrl = null;
         password = null;
         isFormLogin = true;
         isRedirect = false;
     }
  
    public boolean matchesAuthRequest(HttpServletRequest httpRequest)
         throws AuthenticatorException
     {
         requestUrl = httpRequest.getRequestURL().toString();
         if((!requestUrl.contains("action-login")) & (!requestUrl.contains("FormLogin")))
         {
             isFormLogin = false;
             isRedirect = true;
             setRequiresChallenge(true);
         } else
         if(requestUrl.contains("action-login"))
         {
             user = httpRequest.getParameter("thingworx-form-userid");
             password = httpRequest.getParameter("thingworx-form-password");
         }
         return true;
     }
  
    public void authenticate(HttpServletRequest httpRequest, HttpServletResponse httpResponse)
         throws AuthenticatorException
     {
         setCredentials(user, password);
     }
  
    public void issueAuthenticationChallenge(HttpServletRequest httpRequest, HttpServletResponse httpResponse)
         throws AuthenticatorException
     {
         if(isRedirect)
         {
             String urlString = "/Thingworx/FormLogin/Everyone";//replace with your own organization
             try
             {
                 httpResponse.sendRedirect(urlString);
             }
             catch(IOException e)
             {
                 e.printStackTrace();
             }
         }
     }
  
}

3. Import the extension you created into ThingWorx platform, and then open Security->Authenticators,

you will find the authenticator you created, and please set a priority and click Enabled to take it into effect.

4. Next time when session time out or you manually log out, it will redirect you back to the Form login page.

Hope this helps,

Br,

Anna

AnnaAn · ‎Apr 11, 2017

Hi Reetam Kansabanik,

Could you let us know of your new update for this issue? Is your issue resolved? Please mark correct answer or Helpful for the answer for the answers that helps you then we could close this topic and others will know how to do with the similar issue.

Thanks,

Br,

Anna

skrishnasamy · ‎Dec 13, 2017

Can you please help with my case which is similar to the above solution:

1. We are currently using composer for development activity
2. We are having the mashups for an application which uses Form-Login that runs on the same Thingworx
3. If I use the custom auth https://community.thingworx.com/message/55908#55908 , it fails for composer login. I would need the code snippet for issueAuthenticationChallenge method to redirect the session timeout popup to specific mashup page and this should work only for mashup application and not for composer flow.

Please help me with this.