cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - New to the community? Learn how to post a question and get help from PTC and industry experts! X

Thingworx custom Authenticator extension not working

vtayal
7-Bedrock

Thingworx custom Authenticator extension not working

I am trying to customise the Thingworx authentication flow by developing Authenticator extension .

I am trying to login into Thingworx by hitting url like <http://localhost:8080/Thingworx/Home?username="Administrator">   instead of login through Thingworx login page. But when i hit this url , i am getting error as "com.thingworx.common.exceptions.InvalidRequestException: Authentication failed: Please make sure the credentials are correct." in application logs.


Below is my code of "authenticate" method of my Authenticator extension:

@Override

public void authenticate(HttpServletRequest httpRequest, HttpServletResponse httpResponse)

throws AuthenticatorException {

     try {

          String user= httpRequest.getParameter("username");

          AuthenticationUtilities.validateEnabledThingworxUser(user);

          this.setCredentials(user);

          } catch (Exception e) {

               this.setRequiresChallenge(false);

               throw new AuthenticatorException("Provided username is not valid, " + ADICognitoAuthenticator.class.getSimpleName() + " failed to auto login!");

          }

}

Is it possible to login into Thingworx without giving password via custom Authenticator extension?

ACCEPTED SOLUTION

Accepted Solutions
vtayal
7-Bedrock
(To:vtayal)

I got the soution:

add

AuthenticationUtilities.getSecurityMonitorThing().fireSuccessfulLoginEvent(user,

SharedConstants.EMPTY_STRING); after this.setCredentials(user);


This works for me

View solution in original post

3 REPLIES 3
AdamR
14-Alexandrite
(To:vtayal)

This would be possible but you would need to hardcode a password or application key into the Authenticator.  It is not possible to login without one of those being passed.

vtayal
7-Bedrock
(To:vtayal)

Thanks Adam for your reply...

Actually, i was taking reference from "Thingworx custom AutoAuth · GitHub"  example where it works with that flow. I thought of validating credentiials outside Thingworx and then redirect to Thingworx composer with the username which is already enabled into Thingworx.

vtayal
7-Bedrock
(To:vtayal)

I got the soution:

add

AuthenticationUtilities.getSecurityMonitorThing().fireSuccessfulLoginEvent(user,

SharedConstants.EMPTY_STRING); after this.setCredentials(user);


This works for me

Announcements


Top Tags