
SSO Login Flow

NAdiyono
3-Newcomer

Is there any other flow for logging in with SSO instead of the one documented here?
https://support.ptc.com/help/thingworx/platform/r9.6/en/index.html#page/ThingWorx/Help/Composer/Security/Authenticators/TwxSSOAuthenticator.html

I want to create a Custom Authenticator, but I need an HTTP request besides the one via "action-login" (URL: /Thingworx/action-login).

I already know how to get the corresponding data from SSO, but I don't know where to POST this data to (so I could use it in the Custom Authenticator), since I want to differentiate the login flow between usual Thingworx users and SSO users. Thus, I can handle SSO users as I want via the Custom Authenticator.

ACCEPTED SOLUTION


Hi @NAdiyono,

 

As far as I'm concerned, I don't think it's possible to achieve your goal.

With SSO disabled, you might be able to get users to land on a custom jsp login page, but SSO won't work unless you build your own SSO capability from scratch.

With SSO enabled, users will be redirected to the configured IDP login page. And as you may know, basic authentication (using ThingWorx local username & password) won't work in this situation.

https://www.ptc.com/en/support/article/CS418980

If you wish ThingWorx to support partial SSO (some of the users log in with SSO, some of the users log in with basic authentication), please consider raising an enhancement request at https://community.ptc.com/t5/ThingWorx-Ideas/idb-p/thingworxideas, providing your use case and why this capability is necessary for you.

Best,

Tony

3 REPLIES

Whenever speaking about SSO, you should configure the system as per this Help Center link: https://support.ptc.com/help/thingworx/platform/r9.6/en/index.html?#page/ThingWorx/Help/Composer/Security/SSO/SingleSignOnAuthentication.html 

Whenever a user connects to ThingWorx in this way, they will be redirected to the IDP login screen. From this perspective, whether or not the corresponding IDP user has a User in ThingWorx will not make any difference.

What exactly is the use case you're trying to achieve? Do you want to have parallel SSO and non-SSO users authenticating in ThingWorx?

So I came across this thread

https://community.ptc.com/t5/ThingWorx-Developers/User-Provisioning-Exclusion-List/m-p/841719/highlight/true#M60360

and the tutorial PTC gave (YouTube video; https://youtu.be/4rNNAzH0yp0?si=Beys6F6BUijHNPEw).

tl;dr: when SSO is enabled, you can't log in using Administrator/other users in Thingworx (at least per that thread and YouTube video).

My goal is, I'm just curious whether I can give the option to log in via SSO or as Thingworx Users when SSO is enabled, or is it not possible to do so?

If it's not possible when SSO is enabled (like in the references I attached), I have an idea to differentiate the Authenticator for users to log in based on SSO or non-SSO. How can I do it?

So on the landing page there will be one option that handles Thingworx Users login (as default when SSO is disabled) and one option to log in via SSO that maybe displays a popup form (or such), and after the user has logged in from the SSO auth page, they are automatically logged in to the application too.

This video demonstrates the ThingWorx SSO login procedure using Azure AD. The login procedure is shown from a user point of view. Then a behind the scenes view looks at the design in ThingWorx Composer.
