Community Tip - Stay updated on what is happening on the PTC Community by subscribing to PTC Community Announcements. X
Hi!
We currently have our TW server configured for SSO via pingFederate. That part works great. I now want to use some android tablets to access TW mashups on the LAN which bypass SSO.
I have done the following:
1. created an appKey and can set an expiry and userID to it.
2. Checked the boxes in the platform system settings to "Allow Request Method Switch" and "Allow Application Key As URL Parameter"
3. Added ApplicationKeySettings: enabled=true to the sso-settings.json file
4. Opened an URL on the android tablets in this format: "https://<ThingWorxServer>:<ThingWorxPort>/Thingworx/Mashups/<MashupName>?appKey=<AppKey>&x-thingworx-session=true"
I am still getting directed to the SSO SAML sign-in page.
I can't seem to find any other documentation on how to use the appKey approach and SSO at the same time. Does anyone have any other insights?
We are on version 9.3.8
Thanks!
Solved! Go to Solution.
Hi @SL_10617171 ,
Most of the Thingworx Authenticators are system objects. When you browse for authenticators, make sure to click on the filter icon and select "Show System Objects" checkbox.
You will find the "ThingworxApplicationKeyAuthenticator" or "ThingworxAppKeyAuthenticator".
Check if the "Enabled" checkbox is selected. If not, then you will have to enable it.
Since this is a system object, this will not be editable and you cannot change the priority or any property.
What you will have to do is, click on it and navigate to services tab. Once there, search "enable" in the services search box. You should find "EnableAuthenticator".
Execute the service and voila, the "ThingworxApplicationKeyAuthenticator" should be enabled now.
You will also need to go to the "ThingworxSSOAuthenticator", edit it and change the priority to 250. Since, this is not a system object, editing it and changing priority or enable/disable is straight forward.
Hi @SL_10617171 ,
If all the settings are in place as mentioned in the sso configuration guide and help settings then it may be a case where the App Key Authenticator is disabled.
You can reference the TwxSSOAuthenticator help page. Pasting an extract snapshot here:
Enable the "ThingworxApplicationKeyAuthenticator". And also try to keep the priority on this as a smaller integer as compared to the SSO Authenticator.
Example:
Priority for ThingworxApplicationKeyAuthenticator - 200
Priority for ThingworxSSOAuthenticator - 250
The lower the number, the higher the priority.
Hope this helps.
Hi @VVM_4 ,
I appreciate the insight, and I totally understand the concept of setting metric priority of these two authentication methods. That's great information!
I am very new to an existing small TW team, so there is a lot that I am trying to figure out. SSO was already setup on TW at my location, so I have no experience in configuring the different authenticators TW provides out of the box.
Anyway, after I read your explanation, and links to the documents, I am still a little unclear of what auth methods should be included out of the box. If you look at the screenshot below, here are the authenticators that are installed (notice the missing ThingworxApplicationKeyAuthenticator? Is this something that I need to create from scratch somehow, or if TW supports ThingworxApplicationKeyAuthenticator stock, do I just need to add it in somewhere? I tried looking some more stuff up, but I was only able to find how to create/compile custom authentication methods.
Appreciate any further help you can provide!
Adding to @VVM_4 point
Open 'ThingworxSSOAuthenticator' and set priority to 250
You can click on 'Show System Objects' to see the default authenticators
By default 'ThingworxApplicationKeyAuthenticator' priority is set to 200, so ThingworxSSOAuthenticator should be higher than AppKey authenticator.
/VR
Hi @SL_10617171 ,
Most of the Thingworx Authenticators are system objects. When you browse for authenticators, make sure to click on the filter icon and select "Show System Objects" checkbox.
You will find the "ThingworxApplicationKeyAuthenticator" or "ThingworxAppKeyAuthenticator".
Check if the "Enabled" checkbox is selected. If not, then you will have to enable it.
Since this is a system object, this will not be editable and you cannot change the priority or any property.
What you will have to do is, click on it and navigate to services tab. Once there, search "enable" in the services search box. You should find "EnableAuthenticator".
Execute the service and voila, the "ThingworxApplicationKeyAuthenticator" should be enabled now.
You will also need to go to the "ThingworxSSOAuthenticator", edit it and change the priority to 250. Since, this is not a system object, editing it and changing priority or enable/disable is straight forward.
Hi @SL_10617171
You should be able to access Mashup using AppKey with SSO enabled.
Check whether Allow Application Key as URL Parameter is enabled in Platform Subsytem
Please refer to this article for more information - Article - CS227935 - Accessing Mashups using Application Key (appKey) Authentication in ThingWorx (ptc.com)
/VR
Platform Subsystem configuration looks good.
Try to use 2nd URL format and also check appKey expiry date.
I have a Thingworx instance with SSO enabled, I'm also to access Mashup using 1st URL format. (Thingworx Version : 9.3.1 )
/VR