Skip to main content
S
SL_106171714-Participant
4-Participant
May 24, 2023
Solved

Using appKey with SSO (further assistance needed)

  • May 24, 2023
  • 2 replies
  • 2539 views

Hi!

We currently have our TW server configured for SSO via pingFederate.  That part works great.  I now want to use some android tablets to access TW mashups on the LAN which bypass SSO.

 

I have done the following:

1. created an appKey and can set an expiry and userID to it.

2. Checked the boxes in the platform system settings to "Allow Request Method Switch" and "Allow Application Key As URL Parameter"

3. Added ApplicationKeySettings: enabled=true to the sso-settings.json file

4. Opened an URL on the android tablets in this format: "https://<ThingWorxServer>:<ThingWorxPort>/Thingworx/Mashups/<MashupName>?appKey=<AppKey>&x-thingworx-session=true"

 

I am still getting directed to the SSO SAML sign-in page.

 

I can't seem to find any other documentation on how to use the appKey approach and SSO at the same time.  Does anyone have any other insights?

 

We are on version 9.3.8

 

Thanks!

 

 

 

Best answer by VVM_4

Hi @SL_10617171 ,

 

Most of the Thingworx Authenticators are system objects. When you browse for authenticators, make sure to click on the filter icon and select "Show System Objects" checkbox.

Screenshot 2023-05-25 093058.png

 

You will find the "ThingworxApplicationKeyAuthenticator" or "ThingworxAppKeyAuthenticator".

Check if the "Enabled" checkbox is selected. If not, then you will have to enable it.

Since this is a system object, this will not be editable and you cannot change the priority or any property.

What you will have to do is, click on it and navigate to services tab. Once there, search "enable" in the services search box. You should find "EnableAuthenticator".

Screenshot 2023-05-25 093729.png

Execute the service and voila, the "ThingworxApplicationKeyAuthenticator" should be enabled now.

 

You will also need to go to the "ThingworxSSOAuthenticator", edit it and change the priority to 250. Since, this is not a system object, editing it and changing priority or enable/disable is straight forward.

 

2 replies

V
VVM_410-Marble
10-Marble
May 24, 2023

Hi @SL_10617171 ,

 

If all the settings are in place as mentioned in the sso configuration guide and help settings then it may be a case where the App Key Authenticator is disabled.

You can reference the TwxSSOAuthenticator help page. Pasting an extract snapshot here:

Screenshot 2023-05-24 181417.png

 

Enable the "ThingworxApplicationKeyAuthenticator". And also try to keep the priority on this as a smaller integer as compared to the SSO Authenticator.

Example:

Priority for ThingworxApplicationKeyAuthenticator - 200

Priority for ThingworxSSOAuthenticator - 250

 

The lower the number, the higher the priority.

 

Hope this helps.

S
SL_106171714-ParticipantAuthor
4-Participant
May 25, 2023

Hi @VVM_4 ,

I appreciate the insight, and I totally understand the concept of setting metric priority of these two authentication methods.  That's great information!

 

I am very new to an existing small TW team, so there is a lot that I am trying to figure out. SSO was already setup on TW at my location, so I have no experience in configuring the different authenticators TW provides out of the box. 

 

Anyway, after I read your explanation, and links to the documents, I am still a little unclear of what auth methods should be included out of the box.  If you look at the screenshot below, here are the authenticators that are installed (notice the missing ThingworxApplicationKeyAuthenticator?  Is this something that I need to create from scratch somehow, or if TW supports ThingworxApplicationKeyAuthenticator stock, do I just need to add it in somewhere?  I tried looking some more stuff up, but I was only able to find how to create/compile custom authentication methods.

 

Appreciate any further help you can provide!

 

SL_10617171_0-1685019366542.png

 

V
19-Tanzanite
Velkumar19-Tanzanite
19-Tanzanite
May 25, 2023

@SL_10617171  

 

Adding to @VVM_4  point 

 

Open 'ThingworxSSOAuthenticator' and set priority to 250

 

Velkumar_3-1685021914097.png

 

You can click on 'Show System Objects' to see the default authenticators

Velkumar_4-1685022007162.png

 

By default 'ThingworxApplicationKeyAuthenticator' priority is set to 200, so ThingworxSSOAuthenticator should be higher than AppKey authenticator.

 

/VR

 

 

 

 

 

 

 

 

    V
    19-Tanzanite
    Velkumar19-Tanzanite
    19-Tanzanite
    May 25, 2023

    Hi @SL_10617171 

     

    You should be able to access Mashup using AppKey with SSO enabled. 

     

    Check whether Allow Application Key as URL Parameter is enabled in Platform Subsytem

     

    Velkumar_0-1685020009080.png

     

     

    Please refer to this article for more information - Article - CS227935 - Accessing Mashups using Application Key (appKey) Authentication in ThingWorx (ptc.com)

     

    /VR

     

    S
    SL_106171714-ParticipantAuthor
    4-Participant
    May 25, 2023

    hi @Velkumar ,

    Yep, it sure is:

    SL_10617171_0-1685020553400.png

     

    V
    19-Tanzanite
    Velkumar19-Tanzanite
    19-Tanzanite
    May 25, 2023

    @SL_10617171 

     

    Platform Subsystem configuration looks good.

     

    Try to use 2nd URL format and also check appKey expiry date.

     

    Velkumar_0-1685021073537.png

     

    I have a Thingworx instance with SSO enabled, I'm also to access Mashup using 1st URL format. (Thingworx Version : 9.3.1 )

     

    /VR

     

     

    Terms & ConditionsCookie settingsAccessibility statement