Thingworx custom Authenticator extension not working
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
Thingworx custom Authenticator extension not working
I am trying to customise the Thingworx authentication flow by developing Authenticator extension .
I am trying to login into Thingworx by hitting url like <http://localhost:8080/Thingworx/Home?username="Administrator"> instead of login through Thingworx login page. But when i hit this url , i am getting error as "com.thingworx.common.exceptions.InvalidRequestException: Authentication failed: Please make sure the credentials are correct." in application logs.
Below is my code of "authenticate" method of my Authenticator extension:
@Override
public void authenticate(HttpServletRequest httpRequest, HttpServletResponse httpResponse)
throws AuthenticatorException {
try {
String user= httpRequest.getParameter("username");
AuthenticationUtilities.validateEnabledThingworxUser(user);
this.setCredentials(user);
} catch (Exception e) {
this.setRequiresChallenge(false);
throw new AuthenticatorException("Provided username is not valid, " + ADICognitoAuthenticator.class.getSimpleName() + " failed to auto login!");
}
}
Is it possible to login into Thingworx without giving password via custom Authenticator extension?
Solved! Go to Solution.
- Labels:
-
Extensions
-
Security
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
I got the soution:
add
AuthenticationUtilities.getSecurityMonitorThing().fireSuccessfulLoginEvent(user,
SharedConstants.EMPTY_STRING); after this.setCredentials(user);
This works for me
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
This would be possible but you would need to hardcode a password or application key into the Authenticator. It is not possible to login without one of those being passed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
Thanks Adam for your reply...
Actually, i was taking reference from "Thingworx custom AutoAuth · GitHub" example where it works with that flow. I thought of validating credentiials outside Thingworx and then redirect to Thingworx composer with the username which is already enabled into Thingworx.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Notify Moderator
I got the soution:
add
AuthenticationUtilities.getSecurityMonitorThing().fireSuccessfulLoginEvent(user,
SharedConstants.EMPTY_STRING); after this.setCredentials(user);
This works for me