cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Single Sign On (SSO) Without Ping Federate

SOLVED
Amethyst

Single Sign On (SSO) Without Ping Federate

Is it possible to configure SSO on ThingWorx without using PingFederate?  All the documentation seems to be forcing Ping, but if possible, we would like to simply use SAML 2.0 with a direct connection to our IdP.

For reference, we would be using ThingWorx version 8.3.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Single Sign On (SSO) Without Ping Federate

I was eventually able to set up SSO without using Ping Federate on Thingworx 8.3.3 with the help of our IdP admin.  Most of the setup was similar to the online docs, but I had to come up with the SP metadata file for ThingWorx. 

Using the ThingworxSSOAuthenticator I am also able to map LDAP groups sent by the IdP via SAML.

View solution in original post

6 REPLIES 6
Highlighted

Re: Single Sign On (SSO) Without Ping Federate

You will need a broker in between which will handle everything which is coming from ThingWorx and in response coming from IDP .There is no OOTB way to take IDP metadata in ThingWorx and directly communicate with IDP .If you want you can try other broker like shibboleth .But PTC tested architecture of SSO involve Ping Federate only. 

 

 

 

Thanks,

Mukul Narang 

Highlighted

Re: Single Sign On (SSO) Without Ping Federate

Highlighted

Re: Single Sign On (SSO) Without Ping Federate

Is there any documentation available that explains the underlying function of how SSO works in ThingWorx?  I've been through the Help Center and the SSO architecture document that discusses Thingworx, PingFederate, and Windchill.  

Highlighted

Re: Single Sign On (SSO) Without Ping Federate

PTC has adopted PingFederate as the ThingWorx SSO solution, and so all of the documentation focuses on using PingFederate with ThingWorx. There is no SSO documentation independent of that.

Highlighted

Re: Single Sign On (SSO) Without Ping Federate

The Authenticator extension link that I pointed you to should give you some added info as well, not sure what additionally you are looking for.

Highlighted

Re: Single Sign On (SSO) Without Ping Federate

I was eventually able to set up SSO without using Ping Federate on Thingworx 8.3.3 with the help of our IdP admin.  Most of the setup was similar to the online docs, but I had to come up with the SP metadata file for ThingWorx. 

Using the ThingworxSSOAuthenticator I am also able to map LDAP groups sent by the IdP via SAML.

View solution in original post

Announcements

Thingworx Navigate content has a new home! Click here to access the new Thingworx Navigate forum! ______________________________