Is there any other flow for logging in with SSO instead of as per documented in here?
https://support.ptc.com/help/thingworx/platform/r9.6/en/index.html#page/ThingWorx/Help/Composer/Security/Authenticators/TwxSSOAuthenticator.html
I want to create Custom Authenticator, but I need HTTP Request beside via "action-login" (URL: /Thingworx/action-login).
I already know how to get the corresponding data from SSO, but don't know where to POST these data to (so I could use this on the Custom Authenticator), since I want to differentiate login flow between usual Thingworx Users and SSO Users. Thus, I can handle SSO user as I want via the Custom Authenticator.
Solved! Go to Solution.
Hi @NAdiyono,
As far as I'm concerned, I don't think it's possible to achieve your goal.
With SSO disabled, you might be able to get users to land on a custom jsp login page, but SSO won't work unless you build your own SSO capability from scratch.
With SSO enabled, users will be redirected to the configured IDP login page. And as you may know, basic authentication (using ThingWorx local username & password) won't work in this situation.
https://www.ptc.com/en/support/article/CS418980
If you wish ThingWorx to support partial SSO (part of the users login with SSO, part of the users login with basic authentication), please consider raising an enhancement request in https://community.ptc.com/t5/ThingWorx-Ideas/idb-p/thingworxideas providing your use case why this capability is necessary for you.
Best,
Whenever speaking about SSO, you should configure the system as per this Help Center link: https://support.ptc.com/help/thingworx/platform/r9.6/en/index.html?#page/ThingWorx/Help/Composer/Security/SSO/SingleSignOnAuthentication.html
Whenever an user would connect to ThingWorx in this way, they will be redirected to the IDP login screen. From this perspective, if the correspondent IDP user has or not an User in ThingWorx, it will not make any difference.
What exactly is the use-case you're trying to achieve? Do you want to have parallel SSO and non-SSO users authenticating in ThingWorx?
So I came up to this thread
and the tutorial PTC gave (Youtube video; https://youtu.be/4rNNAzH0yp0?si=Beys6F6BUijHNPEw).
tldr; when SSO is enabled, can't the login using Administrator/other users in Thingworx (at least on that thread and Youtube video).
My goal is, I just curious if I can give the option to login via SSO or Thingworx Users when SSO is enabled, or is it not possible to do so?
If not possible when SSO is enabled (like on the references I attached),
I have an idea to differentiate the Authenticator for users to login based on SSO or non SSO, how can I do it?
So on the landing page there will be one option that handle Thingworx Users login (as default when SSO is disabled) and one option to login via SSO that maybe display popup form (or such) and after the user logged in from SSO auth page, it is automatically logged in to the application too.
Hi @NAdiyono,
As far as I'm concerned, I don't think it's possible to achieve your goal.
With SSO disabled, you might be able to get users to land on a custom jsp login page, but SSO won't work unless you build your own SSO capability from scratch.
With SSO enabled, users will be redirected to the configured IDP login page. And as you may know, basic authentication (using ThingWorx local username & password) won't work in this situation.
https://www.ptc.com/en/support/article/CS418980
If you wish ThingWorx to support partial SSO (part of the users login with SSO, part of the users login with basic authentication), please consider raising an enhancement request in https://community.ptc.com/t5/ThingWorx-Ideas/idb-p/thingworxideas providing your use case why this capability is necessary for you.
Best,