cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Help us improve the PTC Community by taking this short Community Survey! X

Thingworx custom Authenticator extension not working

Go to solution
vtayal
7-Bedrock
7-Bedrock
‎Jul 27, 2017 07:20 PM
‎Jul 27, 2017 07:20 PM

Thingworx custom Authenticator extension not working

I am trying to customise the Thingworx authentication flow by developing Authenticator extension .

I am trying to login into Thingworx by hitting url like <http://localhost:8080/Thingworx/Home?username="Administrator">   instead of login through Thingworx login page. But when i hit this url , i am getting error as "com.thingworx.common.exceptions.InvalidRequestException: Authentication failed: Please make sure the credentials are correct." in application logs.


Below is my code of "authenticate" method of my Authenticator extension:

@Override

public void authenticate(HttpServletRequest httpRequest, HttpServletResponse httpResponse)

throws AuthenticatorException {

     try {

          String user= httpRequest.getParameter("username");

          AuthenticationUtilities.validateEnabledThingworxUser(user);

          this.setCredentials(user);

          } catch (Exception e) {

               this.setRequiresChallenge(false);

               throw new AuthenticatorException("Provided username is not valid, " + ADICognitoAuthenticator.class.getSimpleName() + " failed to auto login!");

          }

}

Is it possible to login into Thingworx without giving password via custom Authenticator extension?

Labels:
0 Kudos
Notify Moderator
ACCEPTED SOLUTION

Accepted Solutions
vtayal
7-Bedrock
7-Bedrock
(To:vtayal)
‎Aug 03, 2017 10:45 AM
‎Aug 03, 2017 10:45 AM

I got the soution:

add

AuthenticationUtilities.getSecurityMonitorThing().fireSuccessfulLoginEvent(user,

SharedConstants.EMPTY_STRING); after this.setCredentials(user);


This works for me

View solution in original post

0 Kudos
Notify Moderator
3 REPLIES 3
AdamR
14-Alexandrite
14-Alexandrite
(To:vtayal)
‎Jul 28, 2017 01:27 PM
‎Jul 28, 2017 01:27 PM

This would be possible but you would need to hardcode a password or application key into the Authenticator.  It is not possible to login without one of those being passed.

0 Kudos
Notify Moderator
vtayal
7-Bedrock
7-Bedrock
(To:vtayal)
‎Jul 30, 2017 03:19 PM
‎Jul 30, 2017 03:19 PM

Thanks Adam for your reply...

Actually, i was taking reference from "Thingworx custom AutoAuth · GitHub"  example where it works with that flow. I thought of validating credentiials outside Thingworx and then redirect to Thingworx composer with the username which is already enabled into Thingworx.

0 Kudos
Notify Moderator
vtayal
7-Bedrock
7-Bedrock
(To:vtayal)
‎Aug 03, 2017 10:45 AM
‎Aug 03, 2017 10:45 AM

I got the soution:

add

AuthenticationUtilities.getSecurityMonitorThing().fireSuccessfulLoginEvent(user,

SharedConstants.EMPTY_STRING); after this.setCredentials(user);


This works for me

0 Kudos
Notify Moderator
Announcements


Contact Community Management
Top Tags