cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Learn all about the Community Ranking System, a fun gamification element of the PTC Community. X

Single Sign On (SSO) Without Ping Federate

Ascherer17
14-Alexandrite

Single Sign On (SSO) Without Ping Federate

Is it possible to configure SSO on ThingWorx without using PingFederate?  All the documentation seems to be forcing Ping, but if possible, we would like to simply use SAML 2.0 with a direct connection to our IdP.

For reference, we would be using ThingWorx version 8.3.

1 ACCEPTED SOLUTION

Accepted Solutions
Ascherer17
14-Alexandrite
(To:Ascherer17)

I was eventually able to set up SSO without using Ping Federate on Thingworx 8.3.3 with the help of our IdP admin.  Most of the setup was similar to the online docs, but I had to come up with the SP metadata file for ThingWorx. 

Using the ThingworxSSOAuthenticator I am also able to map LDAP groups sent by the IdP via SAML.

View solution in original post

6 REPLIES 6

You will need a broker in between which will handle everything which is coming from ThingWorx and in response coming from IDP .There is no OOTB way to take IDP metadata in ThingWorx and directly communicate with IDP .If you want you can try other broker like shibboleth .But PTC tested architecture of SSO involve Ping Federate only. 

 

 

 

Thanks,

Mukul Narang 

Ascherer17
14-Alexandrite
(To:mnarang)

Is there any documentation available that explains the underlying function of how SSO works in ThingWorx?  I've been through the Help Center and the SSO architecture document that discusses Thingworx, PingFederate, and Windchill.  

PTC has adopted PingFederate as the ThingWorx SSO solution, and so all of the documentation focuses on using PingFederate with ThingWorx. There is no SSO documentation independent of that.

PaiChung
22-Sapphire I
(To:Ascherer17)

The Authenticator extension link that I pointed you to should give you some added info as well, not sure what additionally you are looking for.

PaiChung
22-Sapphire I
(To:Ascherer17)

Ascherer17
14-Alexandrite
(To:Ascherer17)

I was eventually able to set up SSO without using Ping Federate on Thingworx 8.3.3 with the help of our IdP admin.  Most of the setup was similar to the online docs, but I had to come up with the SP metadata file for ThingWorx. 

Using the ThingworxSSOAuthenticator I am also able to map LDAP groups sent by the IdP via SAML.

Top Tags